From bgmahesh at gmail.com Wed Feb 1 03:01:49 2006 From: bgmahesh at gmail.com (BG Mahesh) Date: Wed Feb 1 03:01:51 2006 Subject: Looking for Mailscanner+CommunigatePro scripts Message-ID: <5227ac5c0601311901u1c5b946dt69b6baeff4bd15da@mail.gmail.com> hi I am looking for Mailscanner scripts that will work with CommunicatePro [ stalker.com]. I am unable to find the source anywhere. If anyone has personal experience using this combo I would love to hear. -- -- B.G. Mahesh -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060201/0aec1bab/attachment.html From bgmahesh at gmail.com Wed Feb 1 03:04:21 2006 From: bgmahesh at gmail.com (BG Mahesh) Date: Wed Feb 1 03:04:23 2006 Subject: SurgeMail+Mailscanner info needed Message-ID: <5227ac5c0601311904v49a3796ha12ae37e2ad03744@mail.gmail.com> hi Is anyone using Mailscanner with Surgemail [surgemail.com]? How easy is to set it up. -- -- B.G. Mahesh -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060201/783cda1a/attachment.html From mailstodevi at yahoo.com Wed Feb 1 03:30:02 2006 From: mailstodevi at yahoo.com (Devi S) Date: Wed Feb 1 03:30:11 2006 Subject: spamassassinprefsfile at line 1377 In-Reply-To: Message-ID: <20060201033002.55454.qmail@web50606.mail.yahoo.com> Scott Silva wrote: > > Please advice. Thank you. Is this an upgrade? Did you run the upgrade_MailScanner_conf script? I think I didn't do that this time. Julian also advised to do it. Can I do it now or should I do it only during next upgradation? Regards Devi S. Our greatest glory is not in never falling- but in rising every time we fall - Confucius --------------------------------- What are the most popular cars? Find out at Yahoo! Autos -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060131/09d62279/attachment.html From brent.addis at pronet.co.nz Wed Feb 1 07:07:29 2006 From: brent.addis at pronet.co.nz (Brent Addis) Date: Wed Feb 1 07:08:03 2006 Subject: Looking for Mailscanner+CommunigatePro scripts In-Reply-To: <5227ac5c0601311901u1c5b946dt69b6baeff4bd15da@mail.gmail.com> References: <5227ac5c0601311901u1c5b946dt69b6baeff4bd15da@mail.gmail.com> Message-ID: <43E05E31.1070200@pronet.co.nz> I used communigate at a previous company, it never really worked. you are much better off setting up mailscanner as a gateway in front of the communigate server. BG Mahesh wrote: > > hi > > I am looking for Mailscanner scripts that will work with > CommunicatePro [stalker.com ]. I am unable to find > the source anywhere. > > If anyone has personal experience using this combo I would love to hear. > > -- > -- > B.G. Mahesh -- Regards, Brent Addis Technical Account Manager Pronet Internet NZ LTD Mobile: 021 723 612 -------------- next part -------------- A non-text attachment was scrubbed... Name: brent.addis.vcf Type: text/x-vcard Size: 286 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060201/6e9407a2/brent.addis.vcf From taz at taz-mania.com Wed Feb 1 07:23:14 2006 From: taz at taz-mania.com (Dennis Willson) Date: Wed Feb 1 07:23:18 2006 Subject: Looking for Mailscanner+CommunigatePro scripts In-Reply-To: <43E05E31.1070200@pronet.co.nz> References: <5227ac5c0601311901u1c5b946dt69b6baeff4bd15da@mail.gmail.com> <43E05E31.1070200@pronet.co.nz> Message-ID: <43E061E2.9050104@taz-mania.com> I use Communigate and I run sendmail with MailScanner (actually several of them) as hubs prior to the Communigate server. Communigate has lots of nice end user functionality, Spam filtering it's weak on however. They didn't really put hooks in that would allow MailScanner to work effectively the way it does with other MTAs. Plus I like to have multiple mail hubs anyway and this way I can bring one down and work on it without the end users being interrupted or even knowing I'm doing it. Usually to upgrade, take my spare server and build a totally new machine and completely test it and then just swap it for one of the hubs, I then take that machine and build it exactly like the one I just put in and then replace the next hub and so on. No down time at all for the users which makes my life easier. Brent Addis wrote: > I used communigate at a previous company, it never really worked. you > are much better off setting up mailscanner as a gateway in front of > the communigate server. > > BG Mahesh wrote: > >> >> hi >> >> I am looking for Mailscanner scripts that will work with >> CommunicatePro [stalker.com ]. I am unable to >> find the source anywhere. >> >> If anyone has personal experience using this combo I would love to hear. >> >> -- >> -- >> B.G. Mahesh > > > From mailscanner at mango.zw Wed Feb 1 08:11:43 2006 From: mailscanner at mango.zw (Jim Holland) Date: Wed Feb 1 08:20:03 2006 Subject: OT: sendmail greet_pause feature Message-ID: Perhaps other sendmail users know all about this, but I have only looked at it for the first time. I run sendmail 8.13.1 and have decided to implement the greet_pause feature for the first time (after seeing that it is a default option in Debian installations). This requires a specified delay after connection, which can be network specific, before a client system is allowed to send any SMTP commands. Any client that breaks normal SMTP protocols by trying to force commands before receiving the go-ahead is immediately disconnected. This seems to distinguish very successfully between genuine mailers and spammers/viruses that are not RFC-compliant. Using a 5 second delay I have found that the system has blocked over 3200 connections in the first 24 hours I used it. The client systems were all typical of spammers, with adsl/ppp/dhcp/dialup/cable/cpe type hostnames or no PTR record at all. I found only four systems in the blocked group that looked as if they were genuine. On further investigation I found that earlier log records for some of those sites indicated behaviour typical of virus infections in any case. To implement the feature: Add the following to the sendmail.mc file: FEATURE(`greet_pause', `5000')dnl 5 seconds Rebuild sendmail and restart MailScanner: m4 < sendmail.mc > sendmail.cf service MailScanner restart Then specific entries for client hostname, domain, IP address or subnet can be put in the access file: GreetPause:my.domain 0 GreetPause:example.com 5000 GreetPause:10.1.2 2000 GreetPause:127.0.0.1 0 Definitely worth a look I would say, as it blocks large numbers of spammers before they are allowed to send any data, with very low risk of blocking genuine systems. It even seems to allow genuine mail from infected systems to be accepted while blocking viruses from those same systems before the DATA phase - as many viruses seem to behave rather impolitely :-) Regards Jim Holland System Administrator MANGO - Zimbabwe's non-profit e-mail service From glenn.steen at gmail.com Wed Feb 1 08:49:46 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Feb 1 08:49:50 2006 Subject: ALL_TRUSTED problems In-Reply-To: References: Message-ID: <223f97700602010049k72250beat@mail.gmail.com> On 01/02/06, Richard Edge wrote: > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Matt > Kettler > Sent: Tuesday, January 31, 2006 3:12 PM > To: MailScanner discussion > Subject: Re: ALL_TRUSTED problems > > > >Did you do a reload on mailscanner after editing? > > Yes > > >I'd also STRONGLY suggest running: > >spamassassin --lint. > > >As previously suggested. You should run that EVERY time you edit a > config file. > > Which I always do. No problems reported. Ok, how about quoting a bit of the begining of "spamassassin --lint -D" here? Just the part Matt's been asking about... One gets the nagging feeling that for some reason spamassassin isn't seeing this file you keep changing... At least not when running as the user MailScanner is run as... There's a thought, are you perhaps running Postfix (sorry if you've mentioned this already:)? In that case, run the lint/debug as your postfix user (might entail "su - postfix --shell=/bin/bash" if you have it suitably secured). Anyway, "try running it as close to what it's like when run in MailScanner" is the general idea. Things to note (I know this has been said already, but...:-) are, of course, site rules directory, and the reading in of the mailscanner.cf file. > > > Please use https://helpdesk.twu.ca for all Technical support requests. > Really? A relative of mine has these BMC 1300s that consume approximately as much oil as petrol.... Would the helpdesk handle that too:-):-) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From martinh at solid-state-logic.com Wed Feb 1 09:03:17 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Wed Feb 1 09:03:42 2006 Subject: ALL_TRUSTED problems In-Reply-To: Message-ID: <003b01c6270e$57a5d8f0$3004010a@martinhlaptop> Richard I presume that /etc/mail/spamassassin is the correct place for mailscanner.conf to be? Ie it's the same dir that's also got the *.pre and local.cf files in it as well??? MailScanner normally does a good job of spotting which dir the pop the mailscanner.conf, but its worth checking. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Richard Edge > Sent: 31 January 2006 23:04 > To: MailScanner discussion > Subject: RE: ALL_TRUSTED problems > > I have tried adding "clear_trusted_networks" and have confirmed that I > only have one configuration file with trusted_networks, > /etc/mail/spamassasin/mailscanner.cf which is linked to > /etc/MailScanner/spam.assassin.prefs.conf and it is still firing and > with a score of -1.80. This is in spite of also adding a "score > ALL_TRUSTED -0.01" to the spam.assassin.prefs.conf and commenting out > the "trusted_networks". The "score ALL_TRUSTED -0.01" setting does not > seem to have any effect on the scoring of this test. > > I have also tried leaving the trusted_networks commented out and > removing "score ALL_TRUSTED -0.01" from spam.assassin.prefs.conf and > adding it to /etc/mail/spamassassin/local.cf without any change. This > occurs on both gateways with identical configurations. > > Richard Edge > Senior Systems Administrator | Technology Services > Trinity Western University | t: 604.513.2089 > f: 604.513.2038 | e: edge twu.ca| www.twu.ca/technology > > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian > Field > Sent: Tuesday, January 31, 2006 1:32 PM > To: MailScanner discussion > Subject: Re: ALL_TRUSTED problems > > You might need to add > clear_trusted_networks > before you set the trusted_networks value. > > Richard Edge wrote: > > I am have a problem with the ALL_TRUSTED test. No matter what what I > > set the ALL_TRUSTED score to in spam.assassin.prefs.conf it still > > fires with a score of -1.80. I have also added "trusted_networks" > > settings with the IP addresses of our internal mail server and it also > > > fires on messages received from untrusted IP's. > > > > I am using MailScanner 4.50.12-2 and SA 3.1. > > > > > > *Richard Edge* > > /Senior Systems Administrator |/ Technology Services Trinity Western > > University | t: 604.513.2089 > > f: 604.513.2038 | e: edge twu.ca| _www.twu.ca/technology_ > > > > > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store Professional > Support Services at www.MailScanner.biz MailScanner thanks transtec > Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and dangerous content by > MailScanner, and is believed to be clean. > > -- > MailScanner mailing list > MailScanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- > MailScanner mailing list > MailScanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From martinh at solid-state-logic.com Wed Feb 1 09:05:00 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Wed Feb 1 09:05:09 2006 Subject: SurgeMail+Mailscanner info needed In-Reply-To: <5227ac5c0601311904v49a3796ha12ae37e2ad03744@mail.gmail.com> Message-ID: <003c01c6270e$94fb9960$3004010a@martinhlaptop> Hi Prob best to configure as an email gateway where mail hits the MS machine first and after processing is passed onto the surgemail/ms-exch/whatever server. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of BG Mahesh > Sent: 01 February 2006 03:04 > To: mailscanner@lists.mailscanner.info > Subject: SurgeMail+Mailscanner info needed > > > hi > > Is anyone using Mailscanner with Surgemail [surgemail.com]? How easy is to > set it up. > > -- > -- > B.G. Mahesh ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From MailScanner at ecs.soton.ac.uk Wed Feb 1 09:20:43 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Feb 1 09:21:05 2006 Subject: MailScanner ANNOUNCE: 4.50 released Message-ID: <940603D9-0CFD-4E02-BB91-1F7AD9E48118@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Morning all, A major new release this month, with around 40 new features and improvements. The major highlights are: - - Great speed improvements. Many sites are seeing 40% speed improvement. - - Auto-detection of installed virus scanners. - - Zero-configuration required on sendmail systems. You no longer need to set configuration options in MailScanner.conf, it will auto-detect the presence of SpamAssassin and your virus scanning engines. - - New UU-decoder to allow filename and filetype traps in UU-encoded files inside attachments. - - Many command-line options added to the "MailScanner" command so you can test your configuration, evaluate rulesets and debug your installation without have to set the debug options in MailScanner.conf. Type "MailScanner --help" for more information. "MailScanner --lint" is particularly useful. Download this major update from www.mailscanner.info ** Please note you will need to run the installation script ./ install.sh as several new modules have been added to it to support the new features. The whole Change Log is this: (as you can see, it has been a busy month :-) - - Speed increased significantly! Caches SpamAssassin results. Note you need to run my install.sh script to get the new modules required. - - If "Virus Scanners = auto" (ie. the installed default value) then it searches for and uses every available installed virus scanner. - - Added SpamAssassin cache analyser (analyse_SpamAssassin_cache) to the distributions. 99% written by Steve Freegard of MailWatch fame. - - Upgraded ClamAV+SA bundle to ClamAV 0.88. - - Added default headers that Thunderbird 1.5 will use to automatically identify spam based on SpamAssassin's spam headers. - - Added UU-decoder to automatically extract files from attachments that were stored in uu-encoded form. This behaves similarly to the zip and rar decoders. The virus scanners should check inside these files for themselves anyway, but this assists them when they do not. It also allows for filename and filetype checking of files stored in uu-encoded attachments. - - Added configuration option "Find UU-Encoded Files" to set whether uu-encoded files are decoded or not. These files are very rarely used, and the overhead of finding them is fairly large as it involves reading all existing attachments looking for the signature of them. So the default is to not look for them. A ruleset can be used to protect particularly vulnerable recipients or senders. - - You can now start up MailScanner without changing MailScanner.conf at all. It will auto-detect SpamAssassin and all available virus scanners. - - Changed default setting to "Use SpamAssassin = yes" and now auto- detect installation of SpamAssassin, logging installation instructions if it is not already installed and working. - - Added DBI and DBD::SQLite Perl modules. Please use my install.sh scripts when you upgrade or install this version. - - Added American spelling of "analyze_SpamAssassin_cache" as well as English spelling of "analyse_SpamAssassin_cache". - - DBI installation is forced in RPM distributions. - - Improved RPM installer to handle DBI module dependencies better. It now installs cleanly on the systems I have tested it on. These include Fedora Core 3, Fedora Core 4, SuSE 9.3, SuSE 10, RedHat Enterprise 4. - - Made log warnings more obvious when DBI/DBD::SQLite/Digest::MD5 are not all installed properly. - - Improved comments about "Allow Filenames" and "Allow Filetypes" in MailScanner.conf. - - Improvement to F-Prot output parser to handle new strings. - - Changed filename/type traps to account for new vulnerability in TNEF files. - - Adapted trend-autoupdate for 2006 onwards. - - --help implemented so you can see how to use it now. - - --debug now written. Works just like "Debug = yes" in MailScanner.conf. - - --debug-sa now written. Works just like "Debug SpamAssassin = yes". - - --check ruleset-checker now written. Takes max 1 from address, multiple to addresses, client IP address and virus name. - - Added a new command-line parameter "--lint" to verify the config file. - - --lint now prints what virus scanners you have chosen to use, and what - - --lint now checks SpamAssassin configuration too. scanners it can find installed. - - Added hi-res timing so the batch speed timings are now displayed to micro- second accuracy. - - Added Time::HiRes to the list of required modules. You must use ./ install.sh to upgrade to, or install, this version in order to get the new module. Time taken to process the entire batch is logged, and time taken to do "Always Looked Up Last" is logged separately if it is being used at all. - - Added check that MailScanner.conf has at least been customised to set the organisation name, long name and web site. - - Added "SpamAssassin Cache Timings" configuration option for the few people who need to adjust these settings. Do *not* change it unless you really know what you are doing, the default settings will work nicely. - - Updated important perl modules. - - Removed duplicate logging of warnings about infected messages. - - Added detection of no virus scanners being installed, giving the user advice about how to install ClamAV using my easy-installation package. - - Improved ClamAV+SA easy-installation package so that it automatically enables the updates by commenting out the "Example" lines. - - Changed default Lock Type for sendmail to "posix" instead of "flock" as new Linux systems (the most popular platform by far) run sendmail 8.13 or later, which requires this to be "posix". - - Upgraded Sys::Hostname::Long and HTML::Parser in ClamAV+SA package. - - Disabled movie format "deny" rules in filetype.rules.conf and have enabled filetype checking by default. - - Updated man pages. - - Updated AVG parser to handle latest version 7.1. - - Added "Always Looked Up Last After Batch" which is looked up after the "Always Looked Up Last" option. The 2nd of those is looked up once for each message, the "...After Batch" value is looked up once for the entire batch. It is only intended for use with a Custom Function, its value is ignored. * Fixes * - - Improved reliability of Bayes rebuilds a lot. - - Force installation of DBI as previous versions cause problems. - - Removed broken patch I was given, which was temporarily in 4.50. - - Packaging bug in 4.50.9-1 fixed. MailTools version typo. - - Fixed bug where temporary files were not cleaned up properly. - - Fixed missing HTML-Parser 3.48 package. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.4 (Build 4042) iQEVAwUBQ+B9bfw32o+k+q+hAQHw7QgAikH91ilicxP4r702IjugoHQ4z1hfBMaW N30eiEJ9eud09h9qi7XBNAzDd/oqXgiue/jzzh9KzIqIxHiGTfcr/FsASP3vWicK Sffq4Nru8zPwetbvaNQ/COhuRuOmp1pyQFg0aSFDX5TZDm2GcZPxen7HfrVUplV3 4Ovat/RqvSxMltYNPUmlj0xA/T6lekfSdme0dsU0gtY5BoYzhH4mmfvS7FGwJvES SKXkH9ggPvTqDAB/5Mi9hbJUZNc4dfWzV76R2bQ6BF6PK47xUf1o87kLGg0hhO3Z 6mGgVrYWvFOdE3uwdqCZ2O5zY/lK4Qbi533BylsAYwgo/Qu3iZ7hbg== =qFA6 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From anders.andersson at ltkalmar.se Wed Feb 1 10:01:21 2006 From: anders.andersson at ltkalmar.se (Anders Andersson, IT) Date: Wed Feb 1 10:02:11 2006 Subject: sendmail greet_pause feature Message-ID: <5EBABD62DC5AC048AD8AEC3312E02D4CCD2F5F@exchange03.lkl.ltkalmar.se> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Jim Holland > Sent: Wednesday, February 01, 2006 9:12 AM > To: MailScanner mailing list > Subject: OT: sendmail greet_pause feature > > Perhaps other sendmail users know all about this, but I have > only looked at it for the first time. > > I run sendmail 8.13.1 and have decided to implement the > greet_pause feature for the first time (after seeing that it > is a default option in Debian installations). This requires > a specified delay after connection, which can be network > specific, before a client system is allowed to send any SMTP > commands. Any client that breaks normal SMTP protocols by > trying to force commands before receiving the go-ahead is > immediately disconnected. This seems to distinguish very > successfully between genuine mailers and spammers/viruses > that are not RFC-compliant. > > Using a 5 second delay I have found that the system has > blocked over 3200 connections in the first 24 hours I used > it. The client systems were all typical of spammers, with > adsl/ppp/dhcp/dialup/cable/cpe type hostnames or no PTR > record at all. I found only four systems in the blocked > group that looked as if they were genuine. On further > investigation I found that earlier log records for some of > those sites indicated behaviour typical of virus infections > in any case. I second that, thoguh I raised mine to 25 sec just for the fun of it. I started low but raised it by 5 sec eeverytime and its been running smooth. So far no one complained and the ones we have a great mailexchange with been added to acces list /Anders > > To implement the feature: > > Add the following to the sendmail.mc file: > > FEATURE(`greet_pause', `5000')dnl 5 seconds > > Rebuild sendmail and restart MailScanner: > > m4 < sendmail.mc > sendmail.cf > service MailScanner restart > > Then specific entries for client hostname, domain, IP address > or subnet can be put in the access file: > > GreetPause:my.domain 0 > GreetPause:example.com 5000 > GreetPause:10.1.2 2000 > GreetPause:127.0.0.1 0 > > Definitely worth a look I would say, as it blocks large > numbers of spammers before they are allowed to send any data, > with very low risk of blocking genuine systems. It even > seems to allow genuine mail from infected systems to be > accepted while blocking viruses from those same systems > before the DATA phase - as many viruses seem to behave rather > impolitely :-) > > Regards > > Jim Holland > System Administrator > MANGO - Zimbabwe's non-profit e-mail service From roger at rudnick.com.br Wed Feb 1 10:26:28 2006 From: roger at rudnick.com.br (Roger Jochem) Date: Wed Feb 1 10:26:26 2006 Subject: sendmail greet_pause feature References: <5EBABD62DC5AC048AD8AEC3312E02D4CCD2F5F@exchange03.lkl.ltkalmar.se> Message-ID: <023301c62719$f6c921c0$0600a8c0@roger> I'm using the rpm version of sendmail in my centos-3 box (sendmail 8.12) and I would like to upgrade to sendmail 8.13 to use this feature, that seems really great. Is there some problem I should be aware, or the tar.gz version found at sendmail.org would work fine on my machine? Anyone using 8.13 at centos-3 or some similar OS? Regards Roger Jochem ----- Original Message ----- From: "Anders Andersson, IT" To: "MailScanner discussion" Sent: Wednesday, February 01, 2006 8:01 AM Subject: RE: sendmail greet_pause feature >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >> Of Jim Holland >> Sent: Wednesday, February 01, 2006 9:12 AM >> To: MailScanner mailing list >> Subject: OT: sendmail greet_pause feature >> >> Perhaps other sendmail users know all about this, but I have >> only looked at it for the first time. >> >> I run sendmail 8.13.1 and have decided to implement the >> greet_pause feature for the first time (after seeing that it >> is a default option in Debian installations). This requires >> a specified delay after connection, which can be network >> specific, before a client system is allowed to send any SMTP >> commands. Any client that breaks normal SMTP protocols by >> trying to force commands before receiving the go-ahead is >> immediately disconnected. This seems to distinguish very >> successfully between genuine mailers and spammers/viruses >> that are not RFC-compliant. >> >> Using a 5 second delay I have found that the system has >> blocked over 3200 connections in the first 24 hours I used >> it. The client systems were all typical of spammers, with >> adsl/ppp/dhcp/dialup/cable/cpe type hostnames or no PTR >> record at all. I found only four systems in the blocked >> group that looked as if they were genuine. On further >> investigation I found that earlier log records for some of >> those sites indicated behaviour typical of virus infections >> in any case. > > I second that, thoguh I raised mine to 25 sec just for the fun of it. I > started low but raised it by 5 sec eeverytime and its been running > smooth. So far no one complained and the ones we have a great > mailexchange with been added to acces list > > /Anders > >> >> To implement the feature: >> >> Add the following to the sendmail.mc file: >> >> FEATURE(`greet_pause', `5000')dnl 5 seconds >> >> Rebuild sendmail and restart MailScanner: >> >> m4 < sendmail.mc > sendmail.cf >> service MailScanner restart >> >> Then specific entries for client hostname, domain, IP address >> or subnet can be put in the access file: >> >> GreetPause:my.domain 0 >> GreetPause:example.com 5000 >> GreetPause:10.1.2 2000 >> GreetPause:127.0.0.1 0 >> >> Definitely worth a look I would say, as it blocks large >> numbers of spammers before they are allowed to send any data, >> with very low risk of blocking genuine systems. It even >> seems to allow genuine mail from infected systems to be >> accepted while blocking viruses from those same systems >> before the DATA phase - as many viruses seem to behave rather >> impolitely :-) >> >> Regards >> >> Jim Holland >> System Administrator >> MANGO - Zimbabwe's non-profit e-mail service > -- > MailScanner mailing list > MailScanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Feb 1 10:34:44 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Feb 1 10:34:53 2006 Subject: sendmail greet_pause feature In-Reply-To: <023301c62719$f6c921c0$0600a8c0@roger> References: <5EBABD62DC5AC048AD8AEC3312E02D4CCD2F5F@exchange03.lkl.ltkalmar.se> <023301c62719$f6c921c0$0600a8c0@roger> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Don't forget to change MailScanner.conf to Lock Type = posix when you upgrade sendmail to 8.13. You should be able to find a good RPM of this, so you don't build it from source and put everything in odd locations. Try http:// dag.wieers.com/ and search his RPM repository. On 1 Feb 2006, at 10:26, Roger Jochem wrote: > I'm using the rpm version of sendmail in my centos-3 box (sendmail > 8.12) and I would like to upgrade to sendmail 8.13 to use this > feature, that seems really great. Is there some problem I should be > aware, or the tar.gz version found at sendmail.org would work fine > on my machine? Anyone using 8.13 at centos-3 or some similar OS? > > Regards > > Roger Jochem > > ----- Original Message ----- From: "Anders Andersson, IT" > > To: "MailScanner discussion" > Sent: Wednesday, February 01, 2006 8:01 AM > Subject: RE: sendmail greet_pause feature > > >>> -----Original Message----- >>> From: mailscanner-bounces@lists.mailscanner.info >>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >>> Of Jim Holland >>> Sent: Wednesday, February 01, 2006 9:12 AM >>> To: MailScanner mailing list >>> Subject: OT: sendmail greet_pause feature >>> >>> Perhaps other sendmail users know all about this, but I have >>> only looked at it for the first time. >>> >>> I run sendmail 8.13.1 and have decided to implement the >>> greet_pause feature for the first time (after seeing that it >>> is a default option in Debian installations). This requires >>> a specified delay after connection, which can be network >>> specific, before a client system is allowed to send any SMTP >>> commands. Any client that breaks normal SMTP protocols by >>> trying to force commands before receiving the go-ahead is >>> immediately disconnected. This seems to distinguish very >>> successfully between genuine mailers and spammers/viruses >>> that are not RFC-compliant. >>> >>> Using a 5 second delay I have found that the system has >>> blocked over 3200 connections in the first 24 hours I used >>> it. The client systems were all typical of spammers, with >>> adsl/ppp/dhcp/dialup/cable/cpe type hostnames or no PTR >>> record at all. I found only four systems in the blocked >>> group that looked as if they were genuine. On further >>> investigation I found that earlier log records for some of >>> those sites indicated behaviour typical of virus infections >>> in any case. >> >> I second that, thoguh I raised mine to 25 sec just for the fun of >> it. I >> started low but raised it by 5 sec eeverytime and its been running >> smooth. So far no one complained and the ones we have a great >> mailexchange with been added to acces list >> >> /Anders >> >>> >>> To implement the feature: >>> >>> Add the following to the sendmail.mc file: >>> >>> FEATURE(`greet_pause', `5000')dnl 5 seconds >>> >>> Rebuild sendmail and restart MailScanner: >>> >>> m4 < sendmail.mc > sendmail.cf >>> service MailScanner restart >>> >>> Then specific entries for client hostname, domain, IP address >>> or subnet can be put in the access file: >>> >>> GreetPause:my.domain 0 >>> GreetPause:example.com 5000 >>> GreetPause:10.1.2 2000 >>> GreetPause:127.0.0.1 0 >>> >>> Definitely worth a look I would say, as it blocks large >>> numbers of spammers before they are allowed to send any data, >>> with very low risk of blocking genuine systems. It even >>> seems to allow genuine mail from infected systems to be >>> accepted while blocking viruses from those same systems >>> before the DATA phase - as many viruses seem to behave rather >>> impolitely :-) >>> >>> Regards >>> >>> Jim Holland >>> System Administrator >>> MANGO - Zimbabwe's non-profit e-mail service >> -- >> MailScanner mailing list >> MailScanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > -- > MailScanner mailing list > MailScanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.4 (Build 4042) iQEVAwUBQ+COxvw32o+k+q+hAQEk7wf/Q9y6EeZmJCzFbTlpFvss0uhmMK/2udxG 1sSAG0ZkIF6MdWbsIumW/LX8nmq7H5JoJAApLF7k6FgfVhgBgINe1ZTpY9qEC3Pn ByuSoTuCudkLxp/OxCvhl6oTFkSRfN9ESnl58Q7Ydgjr8CUzaRh3DxPEmE+8s0tC pdAoiW3JOGgk0Y8T9k+LZov8SucJWPeQnm6YbZJSfe72Gx6Equ3D8Mm2VdK1/tkB Pc24EilDpqJyuYAwWK7CT3xJOWin4u5zf6TOQfcJwAgM5grPwU8AW+/aU3O+iN6q lff0F9v5Xx08ShTCd5ZUw5zvUWSts3orF7O0czO58/h6MpveiNtwuA== =QCbF -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From roger at rudnick.com.br Wed Feb 1 10:44:37 2006 From: roger at rudnick.com.br (Roger Jochem) Date: Wed Feb 1 10:44:33 2006 Subject: sendmail greet_pause feature References: <5EBABD62DC5AC048AD8AEC3312E02D4CCD2F5F@exchange03.lkl.ltkalmar.se><023301c62719$f6c921c0$0600a8c0@roger> Message-ID: <025101c6271c$7fe54fe0$0600a8c0@roger> Dag Wieers repository has only sendmail 8.12, or I'm missing it. http://dag.wieers.com/packages/sendmail/ ----- Original Message ----- From: "Julian Field" To: "MailScanner discussion" Sent: Wednesday, February 01, 2006 8:34 AM Subject: Re: sendmail greet_pause feature > -----BEGIN PGP SIGNED MESSAGE----- > > Don't forget to change MailScanner.conf to > Lock Type = posix > when you upgrade sendmail to 8.13. > > You should be able to find a good RPM of this, so you don't build it > from source and put everything in odd locations. Try http:// > dag.wieers.com/ and search his RPM repository. > > On 1 Feb 2006, at 10:26, Roger Jochem wrote: > >> I'm using the rpm version of sendmail in my centos-3 box (sendmail >> 8.12) and I would like to upgrade to sendmail 8.13 to use this >> feature, that seems really great. Is there some problem I should be >> aware, or the tar.gz version found at sendmail.org would work fine >> on my machine? Anyone using 8.13 at centos-3 or some similar OS? >> >> Regards >> >> Roger Jochem >> >> ----- Original Message ----- From: "Anders Andersson, IT" >> >> To: "MailScanner discussion" >> Sent: Wednesday, February 01, 2006 8:01 AM >> Subject: RE: sendmail greet_pause feature >> >> >>>> -----Original Message----- >>>> From: mailscanner-bounces@lists.mailscanner.info >>>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >>>> Of Jim Holland >>>> Sent: Wednesday, February 01, 2006 9:12 AM >>>> To: MailScanner mailing list >>>> Subject: OT: sendmail greet_pause feature >>>> >>>> Perhaps other sendmail users know all about this, but I have >>>> only looked at it for the first time. >>>> >>>> I run sendmail 8.13.1 and have decided to implement the >>>> greet_pause feature for the first time (after seeing that it >>>> is a default option in Debian installations). This requires >>>> a specified delay after connection, which can be network >>>> specific, before a client system is allowed to send any SMTP >>>> commands. Any client that breaks normal SMTP protocols by >>>> trying to force commands before receiving the go-ahead is >>>> immediately disconnected. This seems to distinguish very >>>> successfully between genuine mailers and spammers/viruses >>>> that are not RFC-compliant. >>>> >>>> Using a 5 second delay I have found that the system has >>>> blocked over 3200 connections in the first 24 hours I used >>>> it. The client systems were all typical of spammers, with >>>> adsl/ppp/dhcp/dialup/cable/cpe type hostnames or no PTR >>>> record at all. I found only four systems in the blocked >>>> group that looked as if they were genuine. On further >>>> investigation I found that earlier log records for some of >>>> those sites indicated behaviour typical of virus infections >>>> in any case. >>> >>> I second that, thoguh I raised mine to 25 sec just for the fun of >>> it. I >>> started low but raised it by 5 sec eeverytime and its been running >>> smooth. So far no one complained and the ones we have a great >>> mailexchange with been added to acces list >>> >>> /Anders >>> >>>> >>>> To implement the feature: >>>> >>>> Add the following to the sendmail.mc file: >>>> >>>> FEATURE(`greet_pause', `5000')dnl 5 seconds >>>> >>>> Rebuild sendmail and restart MailScanner: >>>> >>>> m4 < sendmail.mc > sendmail.cf >>>> service MailScanner restart >>>> >>>> Then specific entries for client hostname, domain, IP address >>>> or subnet can be put in the access file: >>>> >>>> GreetPause:my.domain 0 >>>> GreetPause:example.com 5000 >>>> GreetPause:10.1.2 2000 >>>> GreetPause:127.0.0.1 0 >>>> >>>> Definitely worth a look I would say, as it blocks large >>>> numbers of spammers before they are allowed to send any data, >>>> with very low risk of blocking genuine systems. It even >>>> seems to allow genuine mail from infected systems to be >>>> accepted while blocking viruses from those same systems >>>> before the DATA phase - as many viruses seem to behave rather >>>> impolitely :-) >>>> >>>> Regards >>>> >>>> Jim Holland >>>> System Administrator >>>> MANGO - Zimbabwe's non-profit e-mail service >>> -- >>> MailScanner mailing list >>> MailScanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >> >> -- >> MailScanner mailing list >> MailScanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.4 (Build 4042) > > iQEVAwUBQ+COxvw32o+k+q+hAQEk7wf/Q9y6EeZmJCzFbTlpFvss0uhmMK/2udxG > 1sSAG0ZkIF6MdWbsIumW/LX8nmq7H5JoJAApLF7k6FgfVhgBgINe1ZTpY9qEC3Pn > ByuSoTuCudkLxp/OxCvhl6oTFkSRfN9ESnl58Q7Ydgjr8CUzaRh3DxPEmE+8s0tC > pdAoiW3JOGgk0Y8T9k+LZov8SucJWPeQnm6YbZJSfe72Gx6Equ3D8Mm2VdK1/tkB > Pc24EilDpqJyuYAwWK7CT3xJOWin4u5zf6TOQfcJwAgM5grPwU8AW+/aU3O+iN6q > lff0F9v5Xx08ShTCd5ZUw5zvUWSts3orF7O0czO58/h6MpveiNtwuA== > =QCbF > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > MailScanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From prandal at herefordshire.gov.uk Wed Feb 1 10:49:08 2006 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Wed Feb 1 10:49:16 2006 Subject: sendmail greet_pause feature Message-ID: <86144ED6CE5B004DA23E1EAC0B569B580B0D364D@isabella.herefordshire.gov.uk> You could always try grabbing the Centos 4.2 sendmail 8.13 source RPM and rebuilding: rpm --rebuild http://anorien.csc.warwick.ac.uk/mirrors/centos/4.2/os/SRPMS/sendmail-8. 13.1-2.src.rpm for example, and then installing (and reconfiguring as necessary). Cheers, Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Roger Jochem > Sent: 01 February 2006 10:26 > To: MailScanner discussion > Subject: Re: sendmail greet_pause feature > > I'm using the rpm version of sendmail in my centos-3 box > (sendmail 8.12) and I would like to upgrade to sendmail 8.13 > to use this feature, that seems really great. Is there some > problem I should be aware, or the tar.gz version found at > sendmail.org would work fine on my machine? Anyone using 8.13 at > centos-3 or some similar OS? > > Regards > > Roger Jochem > > ----- Original Message ----- > From: "Anders Andersson, IT" > To: "MailScanner discussion" > Sent: Wednesday, February 01, 2006 8:01 AM > Subject: RE: sendmail greet_pause feature > > > >> -----Original Message----- > >> From: mailscanner-bounces@lists.mailscanner.info > >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > >> Of Jim Holland > >> Sent: Wednesday, February 01, 2006 9:12 AM > >> To: MailScanner mailing list > >> Subject: OT: sendmail greet_pause feature > >> > >> Perhaps other sendmail users know all about this, but I have > >> only looked at it for the first time. > >> > >> I run sendmail 8.13.1 and have decided to implement the > >> greet_pause feature for the first time (after seeing that it > >> is a default option in Debian installations). This requires > >> a specified delay after connection, which can be network > >> specific, before a client system is allowed to send any SMTP > >> commands. Any client that breaks normal SMTP protocols by > >> trying to force commands before receiving the go-ahead is > >> immediately disconnected. This seems to distinguish very > >> successfully between genuine mailers and spammers/viruses > >> that are not RFC-compliant. > >> > >> Using a 5 second delay I have found that the system has > >> blocked over 3200 connections in the first 24 hours I used > >> it. The client systems were all typical of spammers, with > >> adsl/ppp/dhcp/dialup/cable/cpe type hostnames or no PTR > >> record at all. I found only four systems in the blocked > >> group that looked as if they were genuine. On further > >> investigation I found that earlier log records for some of > >> those sites indicated behaviour typical of virus infections > >> in any case. > > > > I second that, thoguh I raised mine to 25 sec just for the > fun of it. I > > started low but raised it by 5 sec eeverytime and its been running > > smooth. So far no one complained and the ones we have a great > > mailexchange with been added to acces list > > > > /Anders > > > >> > >> To implement the feature: > >> > >> Add the following to the sendmail.mc file: > >> > >> FEATURE(`greet_pause', `5000')dnl 5 seconds > >> > >> Rebuild sendmail and restart MailScanner: > >> > >> m4 < sendmail.mc > sendmail.cf > >> service MailScanner restart > >> > >> Then specific entries for client hostname, domain, IP address > >> or subnet can be put in the access file: > >> > >> GreetPause:my.domain 0 > >> GreetPause:example.com 5000 > >> GreetPause:10.1.2 2000 > >> GreetPause:127.0.0.1 0 > >> > >> Definitely worth a look I would say, as it blocks large > >> numbers of spammers before they are allowed to send any data, > >> with very low risk of blocking genuine systems. It even > >> seems to allow genuine mail from infected systems to be > >> accepted while blocking viruses from those same systems > >> before the DATA phase - as many viruses seem to behave rather > >> impolitely :-) > >> > >> Regards > >> > >> Jim Holland > >> System Administrator > >> MANGO - Zimbabwe's non-profit e-mail service > > -- > > MailScanner mailing list > > MailScanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > -- > MailScanner mailing list > MailScanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From roger at rudnick.com.br Wed Feb 1 10:57:10 2006 From: roger at rudnick.com.br (Roger Jochem) Date: Wed Feb 1 10:57:06 2006 Subject: sendmail greet_pause feature References: <86144ED6CE5B004DA23E1EAC0B569B580B0D364D@isabella.herefordshire.gov.uk> Message-ID: <026901c6271e$402a6460$0600a8c0@roger> I will try that... Thanks... ----- Original Message ----- From: "Randal, Phil" To: "MailScanner discussion" Sent: Wednesday, February 01, 2006 8:49 AM Subject: RE: sendmail greet_pause feature > You could always try grabbing the Centos 4.2 sendmail 8.13 source RPM > and rebuilding: > > rpm --rebuild > http://anorien.csc.warwick.ac.uk/mirrors/centos/4.2/os/SRPMS/sendmail-8. > 13.1-2.src.rpm > > for example, and then installing (and reconfiguring as necessary). > > Cheers, > > Phil > > ---- > Phil Randal > Network Engineer > Herefordshire Council > Hereford, UK > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >> Of Roger Jochem >> Sent: 01 February 2006 10:26 >> To: MailScanner discussion >> Subject: Re: sendmail greet_pause feature >> >> I'm using the rpm version of sendmail in my centos-3 box >> (sendmail 8.12) and I would like to upgrade to sendmail 8.13 >> to use this feature, that seems really great. Is there some >> problem I should be aware, or the tar.gz version found at >> sendmail.org would work fine on my machine? Anyone using 8.13 at >> centos-3 or some similar OS? >> >> Regards >> >> Roger Jochem >> >> ----- Original Message ----- >> From: "Anders Andersson, IT" >> To: "MailScanner discussion" >> Sent: Wednesday, February 01, 2006 8:01 AM >> Subject: RE: sendmail greet_pause feature >> >> >> >> -----Original Message----- >> >> From: mailscanner-bounces@lists.mailscanner.info >> >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >> >> Of Jim Holland >> >> Sent: Wednesday, February 01, 2006 9:12 AM >> >> To: MailScanner mailing list >> >> Subject: OT: sendmail greet_pause feature >> >> >> >> Perhaps other sendmail users know all about this, but I have >> >> only looked at it for the first time. >> >> >> >> I run sendmail 8.13.1 and have decided to implement the >> >> greet_pause feature for the first time (after seeing that it >> >> is a default option in Debian installations). This requires >> >> a specified delay after connection, which can be network >> >> specific, before a client system is allowed to send any SMTP >> >> commands. Any client that breaks normal SMTP protocols by >> >> trying to force commands before receiving the go-ahead is >> >> immediately disconnected. This seems to distinguish very >> >> successfully between genuine mailers and spammers/viruses >> >> that are not RFC-compliant. >> >> >> >> Using a 5 second delay I have found that the system has >> >> blocked over 3200 connections in the first 24 hours I used >> >> it. The client systems were all typical of spammers, with >> >> adsl/ppp/dhcp/dialup/cable/cpe type hostnames or no PTR >> >> record at all. I found only four systems in the blocked >> >> group that looked as if they were genuine. On further >> >> investigation I found that earlier log records for some of >> >> those sites indicated behaviour typical of virus infections >> >> in any case. >> > >> > I second that, thoguh I raised mine to 25 sec just for the >> fun of it. I >> > started low but raised it by 5 sec eeverytime and its been running >> > smooth. So far no one complained and the ones we have a great >> > mailexchange with been added to acces list >> > >> > /Anders >> > >> >> >> >> To implement the feature: >> >> >> >> Add the following to the sendmail.mc file: >> >> >> >> FEATURE(`greet_pause', `5000')dnl 5 seconds >> >> >> >> Rebuild sendmail and restart MailScanner: >> >> >> >> m4 < sendmail.mc > sendmail.cf >> >> service MailScanner restart >> >> >> >> Then specific entries for client hostname, domain, IP address >> >> or subnet can be put in the access file: >> >> >> >> GreetPause:my.domain 0 >> >> GreetPause:example.com 5000 >> >> GreetPause:10.1.2 2000 >> >> GreetPause:127.0.0.1 0 >> >> >> >> Definitely worth a look I would say, as it blocks large >> >> numbers of spammers before they are allowed to send any data, >> >> with very low risk of blocking genuine systems. It even >> >> seems to allow genuine mail from infected systems to be >> >> accepted while blocking viruses from those same systems >> >> before the DATA phase - as many viruses seem to behave rather >> >> impolitely :-) >> >> >> >> Regards >> >> >> >> Jim Holland >> >> System Administrator >> >> MANGO - Zimbabwe's non-profit e-mail service >> > -- >> > MailScanner mailing list >> > MailScanner@lists.mailscanner.info >> > http://lists.mailscanner.info/mailman/listinfo/mailscanner >> > >> > Before posting, read http://wiki.mailscanner.info/posting >> > >> > Support MailScanner development - buy the book off the website! >> >> -- >> MailScanner mailing list >> MailScanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > -- > MailScanner mailing list > MailScanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From prandal at herefordshire.gov.uk Wed Feb 1 11:28:20 2006 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Wed Feb 1 11:28:32 2006 Subject: sendmail greet_pause feature Message-ID: <86144ED6CE5B004DA23E1EAC0B569B580B0D3663@isabella.herefordshire.gov.uk> A quick check reveals that you're going to need to do rpm --rebuild --nodeps sendmail.... because the SRPM "requires" a later version of "setup". No guarantees here. Seemed to build ok on my Fedora Core 1 box here but I can't test it as it is a production box. Cheers, Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Roger Jochem > Sent: 01 February 2006 10:57 > To: MailScanner discussion > Subject: Re: sendmail greet_pause feature > > I will try that... > > Thanks... > > ----- Original Message ----- > From: "Randal, Phil" > To: "MailScanner discussion" > Sent: Wednesday, February 01, 2006 8:49 AM > Subject: RE: sendmail greet_pause feature > > > > You could always try grabbing the Centos 4.2 sendmail 8.13 > source RPM > > and rebuilding: > > > > rpm --rebuild > > > http://anorien.csc.warwick.ac.uk/mirrors/centos/4.2/os/SRPMS/s > endmail-8. > > 13.1-2.src.rpm > > > > for example, and then installing (and reconfiguring as necessary). > > > > Cheers, > > > > Phil > > > > ---- > > Phil Randal > > Network Engineer > > Herefordshire Council > > Hereford, UK > > > >> -----Original Message----- > >> From: mailscanner-bounces@lists.mailscanner.info > >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > >> Of Roger Jochem > >> Sent: 01 February 2006 10:26 > >> To: MailScanner discussion > >> Subject: Re: sendmail greet_pause feature > >> > >> I'm using the rpm version of sendmail in my centos-3 box > >> (sendmail 8.12) and I would like to upgrade to sendmail 8.13 > >> to use this feature, that seems really great. Is there some > >> problem I should be aware, or the tar.gz version found at > >> sendmail.org would work fine on my machine? Anyone using 8.13 at > >> centos-3 or some similar OS? > >> > >> Regards > >> > >> Roger Jochem > >> > >> ----- Original Message ----- > >> From: "Anders Andersson, IT" > >> To: "MailScanner discussion" > >> Sent: Wednesday, February 01, 2006 8:01 AM > >> Subject: RE: sendmail greet_pause feature > >> > >> > >> >> -----Original Message----- > >> >> From: mailscanner-bounces@lists.mailscanner.info > >> >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > >> >> Of Jim Holland > >> >> Sent: Wednesday, February 01, 2006 9:12 AM > >> >> To: MailScanner mailing list > >> >> Subject: OT: sendmail greet_pause feature > >> >> > >> >> Perhaps other sendmail users know all about this, but I have > >> >> only looked at it for the first time. > >> >> > >> >> I run sendmail 8.13.1 and have decided to implement the > >> >> greet_pause feature for the first time (after seeing that it > >> >> is a default option in Debian installations). This requires > >> >> a specified delay after connection, which can be network > >> >> specific, before a client system is allowed to send any SMTP > >> >> commands. Any client that breaks normal SMTP protocols by > >> >> trying to force commands before receiving the go-ahead is > >> >> immediately disconnected. This seems to distinguish very > >> >> successfully between genuine mailers and spammers/viruses > >> >> that are not RFC-compliant. > >> >> > >> >> Using a 5 second delay I have found that the system has > >> >> blocked over 3200 connections in the first 24 hours I used > >> >> it. The client systems were all typical of spammers, with > >> >> adsl/ppp/dhcp/dialup/cable/cpe type hostnames or no PTR > >> >> record at all. I found only four systems in the blocked > >> >> group that looked as if they were genuine. On further > >> >> investigation I found that earlier log records for some of > >> >> those sites indicated behaviour typical of virus infections > >> >> in any case. > >> > > >> > I second that, thoguh I raised mine to 25 sec just for the > >> fun of it. I > >> > started low but raised it by 5 sec eeverytime and its > been running > >> > smooth. So far no one complained and the ones we have a great > >> > mailexchange with been added to acces list > >> > > >> > /Anders > >> > > >> >> > >> >> To implement the feature: > >> >> > >> >> Add the following to the sendmail.mc file: > >> >> > >> >> FEATURE(`greet_pause', `5000')dnl 5 seconds > >> >> > >> >> Rebuild sendmail and restart MailScanner: > >> >> > >> >> m4 < sendmail.mc > sendmail.cf > >> >> service MailScanner restart > >> >> > >> >> Then specific entries for client hostname, domain, IP address > >> >> or subnet can be put in the access file: > >> >> > >> >> GreetPause:my.domain 0 > >> >> GreetPause:example.com 5000 > >> >> GreetPause:10.1.2 2000 > >> >> GreetPause:127.0.0.1 0 > >> >> > >> >> Definitely worth a look I would say, as it blocks large > >> >> numbers of spammers before they are allowed to send any data, > >> >> with very low risk of blocking genuine systems. It even > >> >> seems to allow genuine mail from infected systems to be > >> >> accepted while blocking viruses from those same systems > >> >> before the DATA phase - as many viruses seem to behave rather > >> >> impolitely :-) > >> >> > >> >> Regards > >> >> > >> >> Jim Holland > >> >> System Administrator > >> >> MANGO - Zimbabwe's non-profit e-mail service > >> > -- > >> > MailScanner mailing list > >> > MailScanner@lists.mailscanner.info > >> > http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> > > >> > Before posting, read http://wiki.mailscanner.info/posting > >> > > >> > Support MailScanner development - buy the book off the website! > >> > >> -- > >> MailScanner mailing list > >> MailScanner@lists.mailscanner.info > >> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> > >> Before posting, read http://wiki.mailscanner.info/posting > >> > >> Support MailScanner development - buy the book off the website! > >> > > -- > > MailScanner mailing list > > MailScanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > -- > MailScanner mailing list > MailScanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From C.P.Mills at cranfield.ac.uk Wed Feb 1 11:46:47 2006 From: C.P.Mills at cranfield.ac.uk (Mills Mr C P) Date: Wed Feb 1 11:48:11 2006 Subject: Notifying users of password protected files being blocked Message-ID: <8612FDC208266E419168366E1D2E3B797B0FD1@CranfieldMail.shrivenham.cranfield.ac.uk> Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3094 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060201/30f05abb/smime.bin From oliver at linux-kernel.at Wed Feb 1 11:50:15 2006 From: oliver at linux-kernel.at (Oliver Falk) Date: Wed Feb 1 11:50:17 2006 Subject: sendmail greet_pause feature In-Reply-To: <86144ED6CE5B004DA23E1EAC0B569B580B0D364D@isabella.herefordshire.gov.uk> References: <86144ED6CE5B004DA23E1EAC0B569B580B0D364D@isabella.herefordshire.gov.uk> Message-ID: <43E0A077.8070906@linux-kernel.at> On 02/01/2006 11:49 AM, Randal, Phil wrote: > You could always try grabbing the Centos 4.2 sendmail 8.13 source RPM > and rebuilding: > > rpm --rebuild > http://anorien.csc.warwick.ac.uk/mirrors/centos/4.2/os/SRPMS/sendmail-8. > 13.1-2.src.rpm > > for example, and then installing (and reconfiguring as necessary). Go to http://rpms.linux-kernel.at/ and search for sendmail. You'll find srpms that will work fine with CentOS and you'll also find rpms for CentOS 3 and 4.1. Best, Oliver > Cheers, > > Phil > > ---- > Phil Randal > Network Engineer > Herefordshire Council > Hereford, UK > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >> Of Roger Jochem >> Sent: 01 February 2006 10:26 >> To: MailScanner discussion >> Subject: Re: sendmail greet_pause feature >> >> I'm using the rpm version of sendmail in my centos-3 box >> (sendmail 8.12) and I would like to upgrade to sendmail 8.13 >> to use this feature, that seems really great. Is there some >> problem I should be aware, or the tar.gz version found at >> sendmail.org would work fine on my machine? Anyone using 8.13 at >> centos-3 or some similar OS? >> >> Regards >> >> Roger Jochem >> >> ----- Original Message ----- >> From: "Anders Andersson, IT" >> To: "MailScanner discussion" >> Sent: Wednesday, February 01, 2006 8:01 AM >> Subject: RE: sendmail greet_pause feature >> >> >>>> -----Original Message----- >>>> From: mailscanner-bounces@lists.mailscanner.info >>>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >>>> Of Jim Holland >>>> Sent: Wednesday, February 01, 2006 9:12 AM >>>> To: MailScanner mailing list >>>> Subject: OT: sendmail greet_pause feature >>>> >>>> Perhaps other sendmail users know all about this, but I have >>>> only looked at it for the first time. >>>> >>>> I run sendmail 8.13.1 and have decided to implement the >>>> greet_pause feature for the first time (after seeing that it >>>> is a default option in Debian installations). This requires >>>> a specified delay after connection, which can be network >>>> specific, before a client system is allowed to send any SMTP >>>> commands. Any client that breaks normal SMTP protocols by >>>> trying to force commands before receiving the go-ahead is >>>> immediately disconnected. This seems to distinguish very >>>> successfully between genuine mailers and spammers/viruses >>>> that are not RFC-compliant. >>>> >>>> Using a 5 second delay I have found that the system has >>>> blocked over 3200 connections in the first 24 hours I used >>>> it. The client systems were all typical of spammers, with >>>> adsl/ppp/dhcp/dialup/cable/cpe type hostnames or no PTR >>>> record at all. I found only four systems in the blocked >>>> group that looked as if they were genuine. On further >>>> investigation I found that earlier log records for some of >>>> those sites indicated behaviour typical of virus infections >>>> in any case. >>> I second that, thoguh I raised mine to 25 sec just for the >> fun of it. I >>> started low but raised it by 5 sec eeverytime and its been running >>> smooth. So far no one complained and the ones we have a great >>> mailexchange with been added to acces list >>> >>> /Anders >>> >>>> To implement the feature: >>>> >>>> Add the following to the sendmail.mc file: >>>> >>>> FEATURE(`greet_pause', `5000')dnl 5 seconds >>>> >>>> Rebuild sendmail and restart MailScanner: >>>> >>>> m4 < sendmail.mc > sendmail.cf >>>> service MailScanner restart >>>> >>>> Then specific entries for client hostname, domain, IP address >>>> or subnet can be put in the access file: >>>> >>>> GreetPause:my.domain 0 >>>> GreetPause:example.com 5000 >>>> GreetPause:10.1.2 2000 >>>> GreetPause:127.0.0.1 0 >>>> >>>> Definitely worth a look I would say, as it blocks large >>>> numbers of spammers before they are allowed to send any data, >>>> with very low risk of blocking genuine systems. It even >>>> seems to allow genuine mail from infected systems to be >>>> accepted while blocking viruses from those same systems >>>> before the DATA phase - as many viruses seem to behave rather >>>> impolitely :-) >>>> >>>> Regards >>>> >>>> Jim Holland >>>> System Administrator >>>> MANGO - Zimbabwe's non-profit e-mail service >>> -- >>> MailScanner mailing list >>> MailScanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >> -- >> MailScanner mailing list >> MailScanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> From sujithe at cdacb.ernet.in Wed Feb 1 11:40:33 2006 From: sujithe at cdacb.ernet.in (Sujith Emmanuel) Date: Wed Feb 1 11:59:27 2006 Subject: Installed MS 4.50 stable successfully Message-ID: <005201c62724$5008fcb0$283da8c0@cdacb.ernet.in> Dear all, I got to install the latest stable version MS 4.50 successfully on my RHEL 4 box. It is working fine and a lot faster than the earlier stable version. Kudos. When I run the new feature i.e. /usr/sbin/MailScanner -lint I don't get the virus scanners results correct. I had installed the clamAV+SA easy installation package from the site. But the result only shows bitdefender as given below. Read 700 hostnames from the phishing whitelist Config: calling custom init function SQLBlacklist Config: calling custom init function MailWatchLogging Config: calling custom init function SQLWhitelist Checking SpamAssassin errors (if you use it), this may take some time... Using SpamAssassin results cache Connected to SpamAssassin cache database SpamAssassin reported no errors. MailScanner.conf says "Virus Scanners = clamavmodule bitdefender" Found these virus scanners installed: bitdefender Sysinfo: Sendmail is the default that comes with EL 4. Running on Linux imss.cdacb.ernet.in 2.6.9-5.EL #1 Wed Jan 5 19:22:18 EST 2005 i686 i686 i386 GNU/Linux This is Red Hat Enterprise Linux AS release 4 (Nahant) This is Perl version 5.008005 (5.8.5) This is MailScanner version 4.50.14 Module versions are: 1.00 AnyDBM_File 1.14 Archive::Zip 1.03 Carp 1.119 Convert::BinHex 1.00 DirHandle 1.05 Fcntl 2.73 File::Basename 2.08 File::Copy 2.01 FileHandle 1.06 File::Path 0.14 File::Temp 1.32 HTML::Entities 3.48 HTML::Parser 2.35 HTML::TokeParser 1.21 IO 1.10 IO::File 1.123 IO::Pipe 1.71 Mail::Header 3.05 MIME::Base64 5.419 MIME::Decoder 5.419 MIME::Decoder::UU 5.419 MIME::Head 5.419 MIME::Parser 3.03 MIME::QuotedPrint 5.419 MIME::Tools 0.10 Net::CIDR 1.08 POSIX 1.77 Socket 0.05 Sys::Syslog 1.86 Time::HiRes 1.02 Time::localtime Optional module versions are: 0.17 Convert::TNEF 1.810 DB_File 1.11 DBD::SQLite 1.50 DBI 1.08 Digest 1.01 Digest::HMAC 2.36 Digest::MD5 2.10 Digest::SHA1 0.44 Inline 0.17 Mail::ClamAV 3.001000 Mail::SpamAssassin 1.997 Mail::SPF::Query 0.15 Net::CIDR::Lite 0.48 Net::DNS 0.31 Net::LDAP 1.94 Parse::RecDescent missing SAVI 1.4 Sys::Hostname::Long 2.42 Test::Harness 0.47 Test::Simple 1.95 Text::Balanced 1.35 URI I had got a lot of conflict errors while installing MS for some perl modules. And one more thing, is Test::Pod necessary for the working? Thanks and regards Sujith Emmanuel -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060201/0e6e0543/attachment-0001.html From sujithem at cdacb.ernet.in Wed Feb 1 12:00:55 2006 From: sujithem at cdacb.ernet.in (Sujith Emmanuel) Date: Wed Feb 1 11:59:58 2006 Subject: Installed MS 4.50 stable successfully Message-ID: <005d01c62727$280ce7a0$283da8c0@cdacb.ernet.in> Dear all, I got to upgrade to the latest stable version MS 4.50 successfully on my RHEL 4 box. It is working fine and a lot faster than the earlier stable version. Kudos. When I run the new feature i.e. /usr/sbin/MailScanner -lint I don't get the virus scanners results correct. I had installed the clamAV+SA easy installation package from the site. But the result only shows bitdefender as given below. Read 700 hostnames from the phishing whitelist Config: calling custom init function SQLBlacklist Config: calling custom init function MailWatchLogging Config: calling custom init function SQLWhitelist Checking SpamAssassin errors (if you use it), this may take some time... Using SpamAssassin results cache Connected to SpamAssassin cache database SpamAssassin reported no errors. MailScanner.conf says "Virus Scanners = clamavmodule bitdefender" Found these virus scanners installed: bitdefender Sysinfo: Sendmail is the default that comes with EL 4. Running on Linux imss.cdacb.ernet.in 2.6.9-5.EL #1 Wed Jan 5 19:22:18 EST 2005 i686 i686 i386 GNU/Linux This is Red Hat Enterprise Linux AS release 4 (Nahant) This is Perl version 5.008005 (5.8.5) This is MailScanner version 4.50.14 Module versions are: 1.00 AnyDBM_File 1.14 Archive::Zip 1.03 Carp 1.119 Convert::BinHex 1.00 DirHandle 1.05 Fcntl 2.73 File::Basename 2.08 File::Copy 2.01 FileHandle 1.06 File::Path 0.14 File::Temp 1.32 HTML::Entities 3.48 HTML::Parser 2.35 HTML::TokeParser 1.21 IO 1.10 IO::File 1.123 IO::Pipe 1.71 Mail::Header 3.05 MIME::Base64 5.419 MIME::Decoder 5.419 MIME::Decoder::UU 5.419 MIME::Head 5.419 MIME::Parser 3.03 MIME::QuotedPrint 5.419 MIME::Tools 0.10 Net::CIDR 1.08 POSIX 1.77 Socket 0.05 Sys::Syslog 1.86 Time::HiRes 1.02 Time::localtime Optional module versions are: 0.17 Convert::TNEF 1.810 DB_File 1.11 DBD::SQLite 1.50 DBI 1.08 Digest 1.01 Digest::HMAC 2.36 Digest::MD5 2.10 Digest::SHA1 0.44 Inline 0.17 Mail::ClamAV 3.001000 Mail::SpamAssassin 1.997 Mail::SPF::Query 0.15 Net::CIDR::Lite 0.48 Net::DNS 0.31 Net::LDAP 1.94 Parse::RecDescent missing SAVI 1.4 Sys::Hostname::Long 2.42 Test::Harness 0.47 Test::Simple 1.95 Text::Balanced 1.35 URI I had got a lot of conflict errors while installing MS for some perl modules. And one more thing, is Test::Pod necessary for the working? Thanks and regards Sujith Emmanuel -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060201/14015bf2/attachment.html From MailScanner at ecs.soton.ac.uk Wed Feb 1 12:11:13 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Feb 1 12:11:23 2006 Subject: Installed MS 4.50 stable successfully In-Reply-To: <005d01c62727$280ce7a0$283da8c0@cdacb.ernet.in> References: <005d01c62727$280ce7a0$283da8c0@cdacb.ernet.in> Message-ID: <91931DE3-5411-43F4-8715-C6BCA85C17C5@ecs.soton.ac.uk> Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 487 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060201/583886ec/PGP.bin From prandal at herefordshire.gov.uk Wed Feb 1 12:14:00 2006 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Wed Feb 1 12:14:17 2006 Subject: Installed MS 4.50 stable successfully Message-ID: <86144ED6CE5B004DA23E1EAC0B569B580B0D367C@isabella.herefordshire.gov.uk> Is ClamAVModule actually catching anything on that box? Was it before the update? Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK _____ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Sujith Emmanuel Sent: 01 February 2006 11:41 To: mailscanner@lists.mailscanner.info Subject: Installed MS 4.50 stable successfully Dear all, I got to install the latest stable version MS 4.50 successfully on my RHEL 4 box. It is working fine and a lot faster than the earlier stable version. Kudos. When I run the new feature i.e. /usr/sbin/MailScanner -lint I don't get the virus scanners results correct. I had installed the clamAV+SA easy installation package from the site. But the result only shows bitdefender as given below. Read 700 hostnames from the phishing whitelist Config: calling custom init function SQLBlacklist Config: calling custom init function MailWatchLogging Config: calling custom init function SQLWhitelist Checking SpamAssassin errors (if you use it), this may take some time... Using SpamAssassin results cache Connected to SpamAssassin cache database SpamAssassin reported no errors. MailScanner.conf says "Virus Scanners = clamavmodule bitdefender" Found these virus scanners installed: bitdefender Sysinfo: Sendmail is the default that comes with EL 4. Running on Linux imss.cdacb.ernet.in 2.6.9-5.EL #1 Wed Jan 5 19:22:18 EST 2005 i686 i686 i386 GNU/Linux This is Red Hat Enterprise Linux AS release 4 (Nahant) This is Perl version 5.008005 (5.8.5) This is MailScanner version 4.50.14 Module versions are: 1.00 AnyDBM_File 1.14 Archive::Zip 1.03 Carp 1.119 Convert::BinHex 1.00 DirHandle 1.05 Fcntl 2.73 File::Basename 2.08 File::Copy 2.01 FileHandle 1.06 File::Path 0.14 File::Temp 1.32 HTML::Entities 3.48 HTML::Parser 2.35 HTML::TokeParser 1.21 IO 1.10 IO::File 1.123 IO::Pipe 1.71 Mail::Header 3.05 MIME::Base64 5.419 MIME::Decoder 5.419 MIME::Decoder::UU 5.419 MIME::Head 5.419 MIME::Parser 3.03 MIME::QuotedPrint 5.419 MIME::Tools 0.10 Net::CIDR 1.08 POSIX 1.77 Socket 0.05 Sys::Syslog 1.86 Time::HiRes 1.02 Time::localtime Optional module versions are: 0.17 Convert::TNEF 1.810 DB_File 1.11 DBD::SQLite 1.50 DBI 1.08 Digest 1.01 Digest::HMAC 2.36 Digest::MD5 2.10 Digest::SHA1 0.44 Inline 0.17 Mail::ClamAV 3.001000 Mail::SpamAssassin 1.997 Mail::SPF::Query 0.15 Net::CIDR::Lite 0.48 Net::DNS 0.31 Net::LDAP 1.94 Parse::RecDescent missing SAVI 1.4 Sys::Hostname::Long 2.42 Test::Harness 0.47 Test::Simple 1.95 Text::Balanced 1.35 URI I had got a lot of conflict errors while installing MS for some perl modules. And one more thing, is Test::Pod necessary for the working? Thanks and regards Sujith Emmanuel -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060201/f6a60047/attachment.html From sujithem at cdacb.ernet.in Wed Feb 1 12:25:26 2006 From: sujithem at cdacb.ernet.in (Sujith Emmanuel) Date: Wed Feb 1 12:24:29 2006 Subject: Installed MS 4.50 stable successfully In-Reply-To: <91931DE3-5411-43F4-8715-C6BCA85C17C5@ecs.soton.ac.uk> Message-ID: <008001c6272a$955408e0$283da8c0@cdacb.ernet.in> Hello there, Thank you very much. Now the status is correct. Read 700 hostnames from the phishing whitelist Config: calling custom init function SQLBlacklist Config: calling custom init function MailWatchLogging Config: calling custom init function SQLWhitelist Checking SpamAssassin errors (if you use it), this may take some time... Using SpamAssassin results cache Connected to SpamAssassin cache database SpamAssassin reported no errors. MailScanner.conf says "Virus Scanners = clamavmodule bitdefender" Found these virus scanners installed: bitdefender, clamavmodule Thanks again, I didn't know I had a problem till now. Regards, Sujith Emmanuel _____ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Wednesday, February 01, 2006 5:41 PM To: MailScanner discussion Subject: Re: Installed MS 4.50 stable successfully On 1 Feb 2006, at 12:00, Sujith Emmanuel wrote: When I run the new feature i.e. /usr/sbin/MailScanner -lint I don't get the virus scanners results correct. I had installed the clamAV+SA easy installation package from the site. But the result only shows bitdefender as given below. Read 700 hostnames from the phishing whitelist Config: calling custom init function SQLBlacklist Config: calling custom init function MailWatchLogging Config: calling custom init function SQLWhitelist Checking SpamAssassin errors (if you use it), this may take some time... Using SpamAssassin results cache Connected to SpamAssassin cache database SpamAssassin reported no errors. MailScanner.conf says "Virus Scanners = clamavmodule bitdefender" Found these virus scanners installed: bitdefender You need to have clamav correctly installed for clamavmodule to report its presence. Check your clamav line in /etc/MailScanner/virus.scanners.conf. If this is not correct then virus signature updates may cause you scanning problems. Do "which clamscan". If this says /usr/local/bin/clamscan then you need to put /usr/local at the end of the clamav line in virus.scanners.conf. Sysinfo: Sendmail is the default that comes with EL 4. Running on Linux imss.cdacb.ernet.in 2.6.9-5.EL #1 Wed Jan 5 19:22:18 EST 2005 i686 i686 i386 GNU/Linux This is Red Hat Enterprise Linux AS release 4 (Nahant) This is Perl version 5.008005 (5.8.5) This is MailScanner version 4.50.14 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060201/c5237116/attachment.html From support-lists at petdoctors.co.uk Wed Feb 1 12:30:10 2006 From: support-lists at petdoctors.co.uk (Nigel kendrick) Date: Wed Feb 1 12:30:44 2006 Subject: MailScanner ANNOUNCE: 4.50 released In-Reply-To: <940603D9-0CFD-4E02-BB91-1F7AD9E48118@ecs.soton.ac.uk> Message-ID: <00ce01c6272b$42124b50$1465a8c0@support01> All seems hunky dory on CentOS 4 (RHEL4) - much faster - Thanks again for all your hard work on this. Nigel Kendrick From xterm1 at Tatorz.com Wed Feb 1 12:32:31 2006 From: xterm1 at Tatorz.com (Xterm1) Date: Wed Feb 1 12:31:35 2006 Subject: SpamAssassin.cache.db Question. Message-ID: List, I have my version of MailScanner "4.50.14-1" running on CentOS 4.2. I was wondering about the effect of running /var/spool/MailScanner/incoming in a tmpfs file system according to this link... http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/120.html Reason I ask is, the new setting for the db file for spamassassin is here.. /var/spool/MailScanner/incoming/SpamAssassin.cache.db . Any thoughts or comments? Brian From res at ausics.net Wed Feb 1 12:34:21 2006 From: res at ausics.net (Res) Date: Wed Feb 1 12:34:30 2006 Subject: MailScanner ANNOUNCE: 4.50 released In-Reply-To: <00ce01c6272b$42124b50$1465a8c0@support01> References: <00ce01c6272b$42124b50$1465a8c0@support01> Message-ID: One thing, its now logging speed... MailScanner[4790]: Batch processed in 0.65 seconds I have always had... Log Speed = no hiccup? On Wed, 1 Feb 2006, Nigel kendrick wrote: > All seems hunky dory on CentOS 4 (RHEL4) - much faster - Thanks again for > all your hard work on this. > > Nigel Kendrick > > > -- Cheers Res From jaearick at colby.edu Wed Feb 1 12:37:58 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Wed Feb 1 12:38:05 2006 Subject: MailScanner ANNOUNCE: 4.50 released In-Reply-To: References: <00ce01c6272b$42124b50$1465a8c0@support01> Message-ID: That's a feature I asked for back in November and Julian has kindly implemented. You get it even if log speed is no. Useful for tracking stats on how fast batches move thru your system. Jeff Earickson Colby College On Wed, 1 Feb 2006, Res wrote: > Date: Wed, 1 Feb 2006 22:34:21 +1000 (EST) > From: Res > Reply-To: MailScanner discussion > To: MailScanner discussion > Subject: RE: MailScanner ANNOUNCE: 4.50 released > > One thing, its now logging speed... > > MailScanner[4790]: Batch processed in 0.65 seconds > > I have always had... Log Speed = no > > hiccup? > > > > On Wed, 1 Feb 2006, Nigel kendrick wrote: > >> All seems hunky dory on CentOS 4 (RHEL4) - much faster - Thanks again for >> all your hard work on this. >> >> Nigel Kendrick >> >> >> > > -- > Cheers > Res > -- > MailScanner mailing list > MailScanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From res at ausics.net Wed Feb 1 13:09:37 2006 From: res at ausics.net (Res) Date: Wed Feb 1 13:09:47 2006 Subject: MailScanner ANNOUNCE: 4.50 released In-Reply-To: References: <00ce01c6272b$42124b50$1465a8c0@support01> Message-ID: On Wed, 1 Feb 2006, Jeff A. Earickson wrote: > That's a feature I asked for back in November and Julian has kindly > implemented. You get it even if log speed is no. Useful for tracking > stats on how fast batches move thru your system. ok well how about those of us that do NOT want it those whos logs grow 100 megs a day dont need an extra 10K lines I'm sure i'm not alone when I ask the thet log speed = no actually is a no logging. > > Jeff Earickson > Colby College > > On Wed, 1 Feb 2006, Res wrote: > >> Date: Wed, 1 Feb 2006 22:34:21 +1000 (EST) >> From: Res >> Reply-To: MailScanner discussion >> To: MailScanner discussion >> Subject: RE: MailScanner ANNOUNCE: 4.50 released >> >> One thing, its now logging speed... >> >> MailScanner[4790]: Batch processed in 0.65 seconds >> >> I have always had... Log Speed = no >> >> hiccup? >> >> >> >> On Wed, 1 Feb 2006, Nigel kendrick wrote: >> >>> All seems hunky dory on CentOS 4 (RHEL4) - much faster - Thanks again for >>> all your hard work on this. >>> >>> Nigel Kendrick >>> >>> >>> >> >> -- >> Cheers >> Res >> -- >> MailScanner mailing list >> MailScanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > -- Cheers Res From padma at eis.iisc.ernet.in Wed Feb 1 13:00:59 2006 From: padma at eis.iisc.ernet.in (padma@eis.iisc.ernet.in) Date: Wed Feb 1 13:11:31 2006 Subject: MailScanner+SPamAssassin Message-ID: Hi! The following are the headers from which it is very clear that Mailscanner and Spamassassin are Working together, but I really doubt whether it is catching spam because as such if only spamassassin is running with sendmail then the very occurrence of the word GTUBE must have trigerred spamassassin. From: padma@daisy.iisc.ernet.in Message-Id: <200601301104.k0UB4SXI004163@daisy.iisc.ernet.in> MIME-Version: 1.0 X-Daisy-MailScanner-Information: Please contact the ISP for more information X-Daisy-MailScanner: Found to be clean X-Daisy-MailScanner-SpamCheck: not spam, SpamAssassin (score=-1.072, required 5, autolearn=not spam, ALL_TRUSTED -2.82, MISSING_SUBJECT 1.57, NO_REAL_NAME 0.18) X-Daisy-MailScanner-From: padma@daisy.iisc.ernet.in X-Spam-Checker-Version: SpamAssassin 3.0.4 (2005-06-05) on daisy.iisc.ernet.in X-Spam-Level: X-Spam-Status: No, score=-1.1 required=5.0 tests=ALL_TRUSTED,MISSING_SUBJECT, NO_REAL_NAME autolearn=ham version=3.0.4 GTUBE test -- Regards Padma ERNET Helpdesk From prandal at herefordshire.gov.uk Wed Feb 1 13:14:05 2006 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Wed Feb 1 13:14:22 2006 Subject: SpamAssassin.cache.db Question. Message-ID: <86144ED6CE5B004DA23E1EAC0B569B580B0D369F@isabella.herefordshire.gov.uk> There's a performance gain unless you're really short of RAM and using tmpfs forces stuff into swap. Current db size here is: -rw------- 1 root root 3154944 Feb 1 13:02 SpamAssassin.cache.db so it's not exactly huge. Oldest data in the cache is 55 hours old. The only downside is that you lose the cache on reboot. It will get rebuilt, so that's no disaster. Cheers, Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Xterm1 > Sent: 01 February 2006 12:33 > To: MailScanner discussion > Subject: SpamAssassin.cache.db Question. > > > > List, > > I have my version of MailScanner "4.50.14-1" running on > CentOS 4.2. I was wondering about the effect of running > /var/spool/MailScanner/incoming in a tmpfs file system > according to this link... > > http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/120.html > > > Reason I ask is, the new setting for the db file for > spamassassin is here.. > /var/spool/MailScanner/incoming/SpamAssassin.cache.db . > > Any thoughts or comments? > > Brian > From martelm at quark.vsc.edu Wed Feb 1 13:14:32 2006 From: martelm at quark.vsc.edu (Michael H. Martel) Date: Wed Feb 1 13:14:39 2006 Subject: SpamAssassin.cache.db Question. In-Reply-To: References: Message-ID: <28E791D8FE56C342CD17047B@sherlockholmes.local> --On February 1, 2006 7:32:31 AM -0500 Xterm1 wrote: > Reason I ask is, the new setting for the db file for spamassassin > is here.. /var/spool/MailScanner/incoming/SpamAssassin.cache.db . Yup. What are you looking for for comments ? Julian commented on this before. He had to put it somewhere that he knew MailScanner would be able to write to. I'm sure there's a configuration setting to change where it lives. Michael -- --------------------------------o--------------------------------- Michael H. Martel | Systems Administrator michael.martel@vsc.edu | Vermont State Colleges http://www.vsc.edu/~michael | PH:802-241-2544 FX:802-241-3363 From DougHall at sankyo.co.uk Wed Feb 1 13:19:25 2006 From: DougHall at sankyo.co.uk (Doug Hall) Date: Wed Feb 1 13:19:38 2006 Subject: Integration with QMail! Message-ID: <38422649D9FDBE42A238BD5604D203201FE849@wellington.sankyouk.local> Can anyone point me in the right direction for integrating MS with QMail, (if possible) Thanks Doug Hall IT Consultant Sankyo Pharma UK Ltd +44 (0) 1494 737139 +44 (0) 1494 766557 DougHall@Sankyo.co.uk ---------------------- This email including attachment/s is COMPANY CONFIDENTIAL and may contain PROPRIETARY or LEGALLY privileged information. It is intended only for use of the addressee(s). If an addressing or transmission error has misdirected this email, please notify the author by replying to this email. The contents of this e-mail are the views and opinions of the author only. If you are not the addressee or an intended recipient, you must not print, copy, amend, distribute or disclose it to anyone else or rely on the contents of this message, and you should permanently DELETE it. SANKYO PHARMA UK LTD does not accept responsibility for any unauthorised amendment which may be made to the contents of this e-mail following its dispatch. We make every effort to keep our network free from viruses. However, you need to check this email and any attachments for viruses as we can take no responsibility for any computer virus which may be transferred by this email. In any event the contents of this email shall be governed by the laws of England. From shuttlebox at gmail.com Wed Feb 1 13:21:54 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Wed Feb 1 13:21:57 2006 Subject: MailScanner+SPamAssassin In-Reply-To: References: Message-ID: <625385e30602010521k64300a30se6b5f46320722651@mail.gmail.com> On 2/1/06, padma@eis.iisc.ernet.in wrote: > > > Hi! > > The following are the headers from which it is very clear that Mailscanner > and Spamassassin are Working together, but I really doubt whether it is > catching spam because as such if only spamassassin is running with > sendmail then the very occurrence of the word GTUBE must have trigerred > spamassassin. > > > From: padma@daisy.iisc.ernet.in > Message-Id: <200601301104.k0UB4SXI004163@daisy.iisc.ernet.in> > MIME-Version: 1.0 > X-Daisy-MailScanner-Information: Please contact the ISP for more > information > X-Daisy-MailScanner: Found to be clean > X-Daisy-MailScanner-SpamCheck: not spam, SpamAssassin (score=-1.072, > required 5, autolearn=not spam, ALL_TRUSTED -2.82, > MISSING_SUBJECT 1.57, NO_REAL_NAME 0.18) > X-Daisy-MailScanner-From: padma@daisy.iisc.ernet.in > X-Spam-Checker-Version: SpamAssassin 3.0.4 (2005-06-05) on > daisy.iisc.ernet.in > X-Spam-Level: > X-Spam-Status: No, score=-1.1 required=5.0 > tests=ALL_TRUSTED,MISSING_SUBJECT, > NO_REAL_NAME autolearn=ham version=3.0.4 > > GTUBE > test > The GTUBE test is not the word itself. Go to the SpamAssassin site to see what string to use, for obvious reasons I can't post it here. :-) -- /peter -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060201/0ec6cb88/attachment.html From padma at eis.iisc.ernet.in Wed Feb 1 13:32:15 2006 From: padma at eis.iisc.ernet.in (padma@eis.iisc.ernet.in) Date: Wed Feb 1 13:42:55 2006 Subject: MailScanner+SPamAssassin In-Reply-To: <625385e30602010521k64300a30se6b5f46320722651@mail.gmail.com> References: <625385e30602010521k64300a30se6b5f46320722651@mail.gmail.com> Message-ID: Thanks a lot!!!! I just overlooked that!!!! Regards Padma From xterm1 at Tatorz.com Wed Feb 1 13:57:26 2006 From: xterm1 at Tatorz.com (Xterm1) Date: Wed Feb 1 13:57:18 2006 Subject: SpamAssassin.cache.db Question. In-Reply-To: <28E791D8FE56C342CD17047B@sherlockholmes.local> Message-ID: -----Original Message----- Subject: Re: SpamAssassin.cache.db Question. --On February 1, 2006 7:32:31 AM -0500 Xterm1 wrote: > Reason I ask is, the new setting for the db file for spamassassin > is here.. /var/spool/MailScanner/incoming/SpamAssassin.cache.db . Yup. What are you looking for for comments ? Julian commented on this before. He had to put it somewhere that he knew MailScanner would be able to write to. I'm sure there's a configuration setting to change where it lives. Michael -- I just wanted to see if moving it would be of a necessity or not. being that on Power Loss/Reboot it would be lost. I was just looking for users own personal thoughts on the setting. Thanks Brian From MailScanner at ecs.soton.ac.uk Wed Feb 1 14:01:07 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Feb 1 14:01:17 2006 Subject: MailScanner ANNOUNCE: 4.50 released In-Reply-To: References: <00ce01c6272b$42124b50$1465a8c0@support01> Message-ID: <42A0BBEB-A29D-43E5-90EF-51486DF90B0E@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- On 1 Feb 2006, at 13:09, Res wrote: > > On Wed, 1 Feb 2006, Jeff A. Earickson wrote: > >> That's a feature I asked for back in November and Julian has kindly >> implemented. You get it even if log speed is no. Useful for >> tracking >> stats on how fast batches move thru your system. > > ok well how about those of us that do NOT want it > those whos logs grow 100 megs a day dont need an extra 10K lines > > I'm sure i'm not alone when I ask the thet log speed = no actually > is a no logging. It's 1 line per batch of messages. If you don't like it feel free to change it. :-) I like it, it's a very handy indicator that MailScanner is working at full speed. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.4 (Build 4042) iQEVAwUBQ+C/Jvw32o+k+q+hAQEVNggArhNuLK/JO1cUt37U6aAZpFm2UnioukYJ NrQpuoZpni+0ChrEX7O3Vs95ORuv4IS3gHoTV8LPK2phrdPTD86JOpC66xwGwUuE Uet6uDqA0Pk/rCWKcPDkgmj0XiD7KFHsWzt1jcSnQ165v1rhhFgq4nSnOAPYhz1H iNnguEV4zgMWNeLeHtTlNHYjauVqWctNmgMSdAEFLIRPH30i3Y1/pep2tgxTA1jQ woS0yGXGmVT1tKvBblftj37/sW0GOhZwV3zY11Tb/+ttpQeFAO5emWtKupy6tccR X23RVagTPCl8YcaiV4/sKYrT+fCnvPeIqAd0RxJvNF9tIqLzQC73UA== =M1iW -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed Feb 1 14:05:56 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Feb 1 14:06:06 2006 Subject: SpamAssassin.cache.db Question. In-Reply-To: <28E791D8FE56C342CD17047B@sherlockholmes.local> References: <28E791D8FE56C342CD17047B@sherlockholmes.local> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On 1 Feb 2006, at 13:14, Michael H. Martel wrote: > --On February 1, 2006 7:32:31 AM -0500 Xterm1 > wrote: > >> Reason I ask is, the new setting for the db file for spamassassin >> is here.. /var/spool/MailScanner/incoming/SpamAssassin.cache.db . Yes, if you use tmpfs for the directory then it will get lost at reboot. Its contents will be rebuilt in the first few minutes of operation anyway, so it's no great loss. And forcing you to start afresh once every few months when your server is rebooted forces any fragmentation issues in the database file to be scrapped. So it's actually quite a good idea. > > Yup. What are you looking for for comments ? Julian commented on > this before. He had to put it somewhere that he knew MailScanner > would be able to write to. > > I'm sure there's a configuration setting to change where it lives. Yes, there is. You could easily move it to /var/tmp if you prefer. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.4 (Build 4042) iQEVAwUBQ+DAR/w32o+k+q+hAQEaCAf/aX9B+wHe7FoxOARYG0zvond+Gjccj7kE posZ89GDA/6hLeUfqd1ouBXXA0grSSSqr2yJxo94ZRuyfTMlygMJcwAu9LiyCH1t +lvrbu7hlsyNaIS0ErAsGuiSj5rFcPR48qgtxcWBG9OM9Psy/Tb5cTBSHdoMWY0C I4eZ4UhcgCyTlYWIJCSeQb4FaCrqHkwWF8bdw95OWAMf9sWeFs6J7/kG7cVdAoJ9 VTHbtIDAT+Mr9M4zQfX7bWx0z2qt3o3RoRfemU5QCbHh2afTPCaaFtpdUAn+/GvS b1ohTdJuxOzICfobnLaq2eacK0d9lW/s9SvKBy1X1C6Fody5em1f3w== =bEVq -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed Feb 1 14:07:46 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Feb 1 14:08:09 2006 Subject: MailScanner+SPamAssassin In-Reply-To: References: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On 1 Feb 2006, at 13:00, padma@eis.iisc.ernet.in wrote: > > Hi! > > The following are the headers from which it is very clear that > Mailscanner and Spamassassin are Working together, but I really > doubt whether it is catching spam because as such if only > spamassassin is running with sendmail then the very occurrence of > the word GTUBE must have trigerred spamassassin. > > > From: padma@daisy.iisc.ernet.in > Message-Id: <200601301104.k0UB4SXI004163@daisy.iisc.ernet.in> > MIME-Version: 1.0 > X-Daisy-MailScanner-Information: Please contact the ISP for more > information > X-Daisy-MailScanner: Found to be clean > X-Daisy-MailScanner-SpamCheck: not spam, SpamAssassin (score=-1.072, > required 5, autolearn=not spam, ALL_TRUSTED -2.82, > MISSING_SUBJECT 1.57, NO_REAL_NAME 0.18) > X-Daisy-MailScanner-From: padma@daisy.iisc.ernet.in > X-Spam-Checker-Version: SpamAssassin 3.0.4 (2005-06-05) on > daisy.iisc.ernet.in > X-Spam-Level: > X-Spam-Status: No, score=-1.1 required=5.0 > tests=ALL_TRUSTED,MISSING_SUBJECT, > NO_REAL_NAME autolearn=ham version=3.0.4 You are running SpamAssassin from outside MailScanner. You have a sendmail milter or a procmail script running SpamAssassin, these headers were not generated by MailScanner. I advise you fix your setup, as it will work considerably faster if you do. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.4 (Build 4042) iQEVAwUBQ+DAtvw32o+k+q+hAQGqAgf/f61r2DTS8lidrw14lNSqJXb0YvfIuem0 qrbg1hFDBZB8ik+rRD5TlmEOO35nxH/4erP1PnX91t6DPehP3Xf4BEHosRTdfj0r YtHeUSXcnSNvYBqTvrbk4NI6U4+m1njMP4nI/243viy4DE6HRiKy7YJb5F0CPXCV h87dm89X9VEtPnQWkGXPzMNjv6qAmDCllY0vS17f7umjwy/OU1m8182X5ZwFTHvI eSN6ikQGNmAf/MsEDPvDAwA3UhuJkr3BKbzhcmRSADvsU7PP9fOw6kxEXddrdg9y Z9zBnd+FbfTpMDPCr2mbX/vrLVACrA3fkX3nVL4GidtWUXb91d+6eg== =/QGn -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Wed Feb 1 14:10:02 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Feb 1 14:10:06 2006 Subject: MailScanner+SPamAssassin In-Reply-To: References: <625385e30602010521k64300a30se6b5f46320722651@mail.gmail.com> Message-ID: <223f97700602010610t1c95c24fj@mail.gmail.com> On 01/02/06, padma@eis.iisc.ernet.in wrote: > > > Thanks a lot!!!! I just overlooked that!!!! > > Regards > Padma You might also be interrested in looking at http://wiki.mailscanner.info/doku.php?id=documentation:test_troubleshoot:mta:connexion#gtube_test_message (beware linewraps) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From MailScanner at ecs.soton.ac.uk Wed Feb 1 14:11:33 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Feb 1 14:11:48 2006 Subject: Integration with QMail! In-Reply-To: <38422649D9FDBE42A238BD5604D203201FE849@wellington.sankyouk.local> References: <38422649D9FDBE42A238BD5604D203201FE849@wellington.sankyouk.local> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- You need to talk to the Opencomputing guys http://www.openprotect.com/ Google would have found this for you very quickly :-) On 1 Feb 2006, at 13:19, Doug Hall wrote: > Can anyone point me in the right direction for integrating MS with > QMail, (if possible) - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.4 (Build 4042) iQEVAwUBQ+DBnfw32o+k+q+hAQGL7wgAp3EF614jyt3uNSQ/AJ5wGbYgQgqFpjmn FDXWON2EnBwMvOK73zqmgrG/EYYhcdY3Zy/stwLU+zZaWiMgB9h9JuxJkkBESIT/ Li+W1iMUefHfmDOxkJfheDwC2FpL+MH5hHfH7YD5qJatyLzUQutxg/+SzebORAGs mw2FE/YyCk94LU6YR9RVRPHfCGzkTO51JmJMdAbUxLDfLsCcCgIya7s2A0cNnD2V 71b774hmVnWLrD1BL61A2oqX+wdoUGmJ68UZD5TuUt3ehCur8FFXcgMEokPi5k5A eemLxvsB9FdDrfgS4zTmQt+uPXncHV5OiVd4MW0flrNZpLStio5fKg== =E2kk -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From roger at rudnick.com.br Wed Feb 1 14:40:29 2006 From: roger at rudnick.com.br (Roger Jochem) Date: Wed Feb 1 14:40:41 2006 Subject: sendmail greet_pause feature References: <86144ED6CE5B004DA23E1EAC0B569B580B0D364D@isabella.herefordshire.gov.uk> <43E0A077.8070906@linux-kernel.at> Message-ID: <020401c6273d$7304caa0$0600a8c0@roger> To late... I'm allready upgraded to 8.13 using the sources from Centos 4. But thanks anyway... ----- Original Message ----- From: "Oliver Falk" To: "MailScanner discussion" Sent: Wednesday, February 01, 2006 9:50 AM Subject: Re: sendmail greet_pause feature > On 02/01/2006 11:49 AM, Randal, Phil wrote: >> You could always try grabbing the Centos 4.2 sendmail 8.13 source RPM >> and rebuilding: >> >> rpm --rebuild >> http://anorien.csc.warwick.ac.uk/mirrors/centos/4.2/os/SRPMS/sendmail-8. >> 13.1-2.src.rpm >> >> for example, and then installing (and reconfiguring as necessary). > > Go to http://rpms.linux-kernel.at/ and search for sendmail. You'll find > srpms that will work fine with CentOS and you'll also find rpms for CentOS > 3 and 4.1. > > Best, > Oliver > >> Cheers, >> >> Phil >> >> ---- >> Phil Randal >> Network Engineer >> Herefordshire Council >> Hereford, UK >>> -----Original Message----- >>> From: mailscanner-bounces@lists.mailscanner.info >>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Roger >>> Jochem >>> Sent: 01 February 2006 10:26 >>> To: MailScanner discussion >>> Subject: Re: sendmail greet_pause feature >>> >>> I'm using the rpm version of sendmail in my centos-3 box (sendmail 8.12) >>> and I would like to upgrade to sendmail 8.13 to use this feature, that >>> seems really great. Is there some problem I should be aware, or the >>> tar.gz version found at sendmail.org would work fine on my machine? >>> Anyone using 8.13 at >>> centos-3 or some similar OS? >>> >>> Regards >>> >>> Roger Jochem >>> >>> ----- Original Message ----- >>> From: "Anders Andersson, IT" >>> To: "MailScanner discussion" >>> Sent: Wednesday, February 01, 2006 8:01 AM >>> Subject: RE: sendmail greet_pause feature >>> >>> >>>>> -----Original Message----- >>>>> From: mailscanner-bounces@lists.mailscanner.info >>>>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >>>>> Of Jim Holland >>>>> Sent: Wednesday, February 01, 2006 9:12 AM >>>>> To: MailScanner mailing list >>>>> Subject: OT: sendmail greet_pause feature >>>>> >>>>> Perhaps other sendmail users know all about this, but I have >>>>> only looked at it for the first time. >>>>> >>>>> I run sendmail 8.13.1 and have decided to implement the >>>>> greet_pause feature for the first time (after seeing that it >>>>> is a default option in Debian installations). This requires >>>>> a specified delay after connection, which can be network >>>>> specific, before a client system is allowed to send any SMTP >>>>> commands. Any client that breaks normal SMTP protocols by >>>>> trying to force commands before receiving the go-ahead is >>>>> immediately disconnected. This seems to distinguish very >>>>> successfully between genuine mailers and spammers/viruses >>>>> that are not RFC-compliant. >>>>> >>>>> Using a 5 second delay I have found that the system has >>>>> blocked over 3200 connections in the first 24 hours I used >>>>> it. The client systems were all typical of spammers, with >>>>> adsl/ppp/dhcp/dialup/cable/cpe type hostnames or no PTR >>>>> record at all. I found only four systems in the blocked >>>>> group that looked as if they were genuine. On further >>>>> investigation I found that earlier log records for some of >>>>> those sites indicated behaviour typical of virus infections >>>>> in any case. >>>> I second that, thoguh I raised mine to 25 sec just for the >>> fun of it. I >>>> started low but raised it by 5 sec eeverytime and its been running >>>> smooth. So far no one complained and the ones we have a great >>>> mailexchange with been added to acces list >>>> >>>> /Anders >>>> >>>>> To implement the feature: >>>>> >>>>> Add the following to the sendmail.mc file: >>>>> >>>>> FEATURE(`greet_pause', `5000')dnl 5 seconds >>>>> >>>>> Rebuild sendmail and restart MailScanner: >>>>> >>>>> m4 < sendmail.mc > sendmail.cf >>>>> service MailScanner restart >>>>> >>>>> Then specific entries for client hostname, domain, IP address >>>>> or subnet can be put in the access file: >>>>> >>>>> GreetPause:my.domain 0 >>>>> GreetPause:example.com 5000 >>>>> GreetPause:10.1.2 2000 >>>>> GreetPause:127.0.0.1 0 >>>>> >>>>> Definitely worth a look I would say, as it blocks large >>>>> numbers of spammers before they are allowed to send any data, >>>>> with very low risk of blocking genuine systems. It even >>>>> seems to allow genuine mail from infected systems to be >>>>> accepted while blocking viruses from those same systems >>>>> before the DATA phase - as many viruses seem to behave rather >>>>> impolitely :-) >>>>> >>>>> Regards >>>>> >>>>> Jim Holland >>>>> System Administrator >>>>> MANGO - Zimbabwe's non-profit e-mail service >>>> -- >>>> MailScanner mailing list >>>> MailScanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>> -- >>> MailScanner mailing list >>> MailScanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! > > -- > MailScanner mailing list > MailScanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From roger at rudnick.com.br Wed Feb 1 14:43:28 2006 From: roger at rudnick.com.br (Roger Jochem) Date: Wed Feb 1 14:43:43 2006 Subject: Number of files on quarantine References: <00ce01c6272b$42124b50$1465a8c0@support01> <42A0BBEB-A29D-43E5-90EF-51486DF90B0E@ecs.soton.ac.uk> Message-ID: <021301c6273d$dd927890$0600a8c0@roger> Another question! I just upgraded Sendmail to 8.13 and MailScanner to the latest stable (4.50.14-1). I noticed in my mailscanner-mrtg page that the number of files / messages on quarantine, that was always something near 509,6 k, dropped to zero and restarted (and is now at 142,3 k). I wonder If that happened because of one the upgrades, and wich one caused that... The directory is still full of files, but the info in mailscanner-mrtg is weird... Regards Roger Jochem From mradzinschi at gmail.com Wed Feb 1 15:30:24 2006 From: mradzinschi at gmail.com (Marco Radzinschi) Date: Wed Feb 1 15:30:28 2006 Subject: Attachment Warnings - End of Line Behavior Changed (CR, LF) In-Reply-To: <6a4915590601301601s5399fd75jabf461d86eaf5d71@mail.gmail.com> References: <6a4915590601301601s5399fd75jabf461d86eaf5d71@mail.gmail.com> Message-ID: <6a4915590602010730t3055651elef164558540cee58@mail.gmail.com> Hello: I noticed that the CR/LF behavior has changed in the newest version of MailScanner (4.49) from DOS (LF only) to Unix-type text files (+) for the generated attachment warnings. I treid removing the excess characters in the report templates myself, but I noticed that the Perl script still appends to the report templates with +, which makes it appear mangled on a GroupWise system running on Windows. I did not see a configuration option for this, so I am assuming that it is hard-coded somewhere in the script, or in one of the external modules that the script uses. Does anyone know how to change this behavior? Thank You, Marco Radzinschi -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060201/0f70a206/attachment.html From MailScanner at ecs.soton.ac.uk Wed Feb 1 15:42:16 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Feb 1 15:42:29 2006 Subject: Attachment Warnings - End of Line Behavior Changed (CR, LF) In-Reply-To: <6a4915590602010730t3055651elef164558540cee58@mail.gmail.com> References: <6a4915590601301601s5399fd75jabf461d86eaf5d71@mail.gmail.com> <6a4915590602010730t3055651elef164558540cee58@mail.gmail.com> Message-ID: <5CE191E7-9FB5-4A17-827A-2460A7A16708@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- If you switch off "Sign Clean Messages" so that the body of the message is totally untouched, it should leave them alone like it used to. This is a major problem which we are working on. On 1 Feb 2006, at 15:30, Marco Radzinschi wrote: > > Hello: > > I noticed that the CR/LF behavior has changed in the newest version > of MailScanner (4.49) from DOS (LF only) to Unix-type text files > (+) for the generated attachment warnings. > > I treid removing the excess characters in the report templates > myself, but I noticed that the Perl script still appends to the > report templates with +, which makes it appear mangled on a > GroupWise system running on Windows. > > I did not see a configuration option for this, so I am assuming > that it is hard-coded somewhere in the script, or in one of the > external modules that the script uses. Does anyone know how to > change this behavior? > > Thank You, > > Marco Radzinschi > -- > MailScanner mailing list > MailScanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.4 (Build 4042) iQEVAwUBQ+DW3fw32o+k+q+hAQGlxQgAng0pjrITpKD1baVj4rXxmLr0Y1d+hbOA QUUjlmLORNHBbdrcJrrj0Y1hvV1y44xgwoJK4ER+aDZbA3JG1yHwGp/1LqZEXhyG M9vUojWY0wU0tJZoCMFVxeGGbBWXt1kZDE1mV8EcV4Bpyt+JsHU9BcC1qaGQ+vPo J+3Ep6nQFzAheNcjMi65rgeMKA5D+CLSObv28wbOg66Esbp0EcOG+DMa1cjPfF71 ZbMda/PE38zegYExjWj0oDPC5nG7oN7UN3uYlLUJWNKuXR8kkYWd6fgW8JoYIUfd z1Z1PeGsKeMSvQmEpTB8c0wxRezEqAK7PR9bmRyi8NoZ9cIZpm/acQ== =I0VJ -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Denis.Beauchemin at USherbrooke.ca Wed Feb 1 15:43:11 2006 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Wed Feb 1 15:43:29 2006 Subject: Attachment Warnings - End of Line Behavior Changed (CR, LF) In-Reply-To: <6a4915590602010730t3055651elef164558540cee58@mail.gmail.com> References: <6a4915590601301601s5399fd75jabf461d86eaf5d71@mail.gmail.com> <6a4915590602010730t3055651elef164558540cee58@mail.gmail.com> Message-ID: <43E0D70F.9080804@USherbrooke.ca> Marco Radzinschi wrote: > > Hello: > > I noticed that the CR/LF behavior has changed in the newest version of > MailScanner (4.49) from DOS (LF only) to Unix-type text files > (+) for the generated attachment warnings. DOS = CR+LF, Unix/Linux = LF > > I treid removing the excess characters in the report templates > myself, but I noticed that the Perl script still appends to the report > templates with +, which makes it appear mangled on a GroupWise > system running on Windows. > > I did not see a configuration option for this, so I am assuming that > it is hard-coded somewhere in the script, or in one of the external > modules that the script uses. Does anyone know how to change this > behavior? This has been discussed previously (about 1-2 weeks ago). It is probably a bug in MIME::Tools IIRC. Some people were supposed to talk to the developer to get a fix. Don't know how it turned out... Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 From MailScanner at ecs.soton.ac.uk Wed Feb 1 15:54:12 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Feb 1 15:54:23 2006 Subject: Thunderbird 1.5 support Message-ID: <6BA4D37A-055B-44DB-A21A-EDA100164C49@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Thunderbird 1.5 has the ability to trust the spam headers generated by SpamAssassin. It uses these headers to automatically put all identified spam into the user's "Junk" mailbox, so the users don't have to write any filters or anything like that. All new installations of MailScanner generate the correct headers for this. If you want to add support for this to your existing MailScanner setup, simply use the "header" Spam Action to generate them for you. Put these into your MailScanner.conf file: Spam Actions = deliver header "X-Spam-Status: Yes" High Scoring Spam Actions = deliver header "X-Spam-Status: Yes" Non Spam Actions = deliver header "X-Spam-Status: No" - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.4 (Build 4042) iQEVAwUBQ+DZp/w32o+k+q+hAQE2Sgf/alqO2uPYCdbG2U7B+ZdAoyNsiiWrV55s nJj4t0qhEM05ujTRn1AwHDsD14X8RBKc2opM8vv6Dd5I5lVk3z2+VOLCE/bnwRxX ICQ1NQ/vGjIrtj7VwPAroCoZJjbxXqUaJSf0L2ePhPQ50s/Wu+GJbdxSWO44Xa5m EHPbC4o7SU/E0VTynj7Wjy0UKEpTJJBVZ1imw70FFgldlwY31coF7g3qqFwW8XDp M3Za8swbe63oEzuegntsCwj2/hSlW1Pm97sxSildD4Jg/VGGBFwLCHDTlCuyVr0w hXLXiiT83XlxGNq484XSuYQpLVSyUYfiB3PFrnm1lq7y9MU/VPh/oQ== =tl+A -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mradzinschi at gmail.com Wed Feb 1 15:55:17 2006 From: mradzinschi at gmail.com (Marco Radzinschi) Date: Wed Feb 1 15:55:21 2006 Subject: Attachment Warnings - End of Line Behavior Changed (CR, LF) In-Reply-To: <43E0D70F.9080804@USherbrooke.ca> References: <6a4915590601301601s5399fd75jabf461d86eaf5d71@mail.gmail.com> <6a4915590602010730t3055651elef164558540cee58@mail.gmail.com> <43E0D70F.9080804@USherbrooke.ca> Message-ID: <6a4915590602010755p653f0417v2d9e039f45e301a7@mail.gmail.com> I'm so used to doing the following quick fix that I don't even think about it anymore... perl -p -e 's/\n/\r\n/' unixfile.txt dosfile.txt perl -p -e 's/\r$//' dosfile.txt unixfile.txt Thanks for the catch - must not have had enough coffee that day. :-) - Marco On 2/1/06, Denis Beauchemin wrote: > > Marco Radzinschi wrote: > > > > > Hello: > > > > I noticed that the CR/LF behavior has changed in the newest version of > > MailScanner (4.49) from DOS (LF only) to Unix-type text files > > (+) for the generated attachment warnings. > > DOS = CR+LF, Unix/Linux = LF > > > > > I treid removing the excess characters in the report templates > > myself, but I noticed that the Perl script still appends to the report > > templates with +, which makes it appear mangled on a GroupWise > > system running on Windows. > > > > I did not see a configuration option for this, so I am assuming that > > it is hard-coded somewhere in the script, or in one of the external > > modules that the script uses. Does anyone know how to change this > > behavior? > > This has been discussed previously (about 1-2 weeks ago). It is > probably a bug in MIME::Tools IIRC. Some people were supposed to talk > to the developer to get a fix. Don't know how it turned out... > > Denis > > -- > _ > ?v? Denis Beauchemin, analyste > /(_)\ Universit? de Sherbrooke, S.T.I. > ^ ^ T: 819.821.8000x2252 F: 819.821.8045 > > > -- > MailScanner mailing list > MailScanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060201/7c70b9db/attachment.html From dean.plant at roke.co.uk Wed Feb 1 16:07:40 2006 From: dean.plant at roke.co.uk (Plant, Dean) Date: Wed Feb 1 16:07:51 2006 Subject: sendmail greet_pause feature Message-ID: <2181C5F19DD0254692452BFF3EAF1D6801527A4E@rsys005a.comm.ad.roke.co.uk> Should this be used as a replacement to greylisting or can it be used along side? Dean -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jim Holland Sent: 01 February 2006 08:12 To: MailScanner mailing list Subject: OT: sendmail greet_pause feature Perhaps other sendmail users know all about this, but I have only looked at it for the first time. I run sendmail 8.13.1 and have decided to implement the greet_pause feature for the first time (after seeing that it is a default option in Debian installations). This requires a specified delay after connection, which can be network specific, before a client system is allowed to send any SMTP commands. Any client that breaks normal SMTP protocols by trying to force commands before receiving the go-ahead is immediately disconnected. This seems to distinguish very successfully between genuine mailers and spammers/viruses that are not RFC-compliant. Using a 5 second delay I have found that the system has blocked over 3200 connections in the first 24 hours I used it. The client systems were all typical of spammers, with adsl/ppp/dhcp/dialup/cable/cpe type hostnames or no PTR record at all. I found only four systems in the blocked group that looked as if they were genuine. On further investigation I found that earlier log records for some of those sites indicated behaviour typical of virus infections in any case. To implement the feature: Add the following to the sendmail.mc file: FEATURE(`greet_pause', `5000')dnl 5 seconds Rebuild sendmail and restart MailScanner: m4 < sendmail.mc > sendmail.cf service MailScanner restart Then specific entries for client hostname, domain, IP address or subnet can be put in the access file: GreetPause:my.domain 0 GreetPause:example.com 5000 GreetPause:10.1.2 2000 GreetPause:127.0.0.1 0 Definitely worth a look I would say, as it blocks large numbers of spammers before they are allowed to send any data, with very low risk of blocking genuine systems. It even seems to allow genuine mail from infected systems to be accepted while blocking viruses from those same systems before the DATA phase - as many viruses seem to behave rather impolitely :-) Regards Jim Holland System Administrator MANGO - Zimbabwe's non-profit e-mail service -- MailScanner mailing list MailScanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From rmantilla at smi.com.pe Wed Feb 1 16:20:29 2006 From: rmantilla at smi.com.pe (Rafael Mantilla) Date: Wed Feb 1 16:20:41 2006 Subject: sendmail greet_pause feature In-Reply-To: References: <5EBABD62DC5AC048AD8AEC3312E02D4CCD2F5F@exchange03.lkl.ltkalmar.se> <023301c62719$f6c921c0$0600a8c0@roger> Message-ID: <20060201161203.M49950@smi.com.pe> Julian, i think 'posix' lock type is needed since sendmail 8.12.x not 8.13.x, i'm still using 8.12.6 in one of my servers and i have to change to posix lock type because i have mails been processed twice (same mail id) by mailscanner. Rafael Mantilla ---------- Original Message ----------- From: Julian Field To: MailScanner discussion Sent: Wed, 1 Feb 2006 10:34:44 +0000 Subject: Re: sendmail greet_pause feature > -----BEGIN PGP SIGNED MESSAGE----- > > Don't forget to change MailScanner.conf to > Lock Type = posix > when you upgrade sendmail to 8.13. > > You should be able to find a good RPM of this, so you don't build it > from source and put everything in odd locations. Try http:// > dag.wieers.com/ and search his RPM repository. > > On 1 Feb 2006, at 10:26, Roger Jochem wrote: > > > I'm using the rpm version of sendmail in my centos-3 box (sendmail > > 8.12) and I would like to upgrade to sendmail 8.13 to use this > > feature, that seems really great. Is there some problem I should be > > aware, or the tar.gz version found at sendmail.org would work fine > > on my machine? Anyone using 8.13 at centos-3 or some similar OS? > > > > Regards > > > > Roger Jochem > > ________________________________________________________________________ - El correo electronico de San Miguel Industrial S.A. se utiliza exclusivamente con fines comerciales, cualquier otro uso entra en conflicto con las politicas de la empresa. - San Miguel Industrial S.A. verifica y analiza sus correos electronicos en busca de cualquier virus conocido a la fecha u otro contenido peligroso antes que abandonen sus servidores. From Edge at twu.ca Wed Feb 1 16:26:17 2006 From: Edge at twu.ca (Richard Edge) Date: Wed Feb 1 16:23:58 2006 Subject: ALL_TRUSTED problems Message-ID: -----Original Message----- >> >I'd also STRONGLY suggest running: >> >spamassassin --lint. >> >> >As previously suggested. You should run that EVERY time you edit a >> config file. >> >> Which I always do. No problems reported. >Ok, how about quoting a bit of the begining of "spamassassin --lint -D" here? Just the >part Matt's been asking about... Okay here you go. The --lint -D output from root login: ----------------------- [7789] dbg: ignore: using a test message to lint rules [7789] dbg: config: using "/etc/mail/spamassassin" for site rules pre files [7789] dbg: config: read file /etc/mail/spamassassin/init.pre [7789] dbg: config: using "/usr/share/spamassassin" for sys rules pre files [7789] dbg: config: using "/usr/share/spamassassin" for default rules dir [7789] dbg: config: read file /usr/share/spamassassin/10_misc.cf [7789] dbg: config: read file /usr/share/spamassassin/20_advance_fee.cf [7789] dbg: config: read file /usr/share/spamassassin/20_anti_ratware.cf [7789] dbg: config: read file /usr/share/spamassassin/20_body_tests.cf [7789] dbg: config: read file /usr/share/spamassassin/20_compensate.cf [7789] dbg: config: read file /usr/share/spamassassin/20_dnsbl_tests.cf [7789] dbg: config: read file /usr/share/spamassassin/20_drugs.cf [7789] dbg: config: read file /usr/share/spamassassin/20_fake_helo_tests.cf [7789] dbg: config: read file /usr/share/spamassassin/20_head_tests.cf [7789] dbg: config: read file /usr/share/spamassassin/20_html_tests.cf [7789] dbg: config: read file /usr/share/spamassassin/20_meta_tests.cf [7789] dbg: config: read file /usr/share/spamassassin/20_net_tests.cf [7789] dbg: config: read file /usr/share/spamassassin/20_phrases.cf [7789] dbg: config: read file /usr/share/spamassassin/20_porn.cf [7789] dbg: config: read file /usr/share/spamassassin/20_ratware.cf [7789] dbg: config: read file /usr/share/spamassassin/20_uri_tests.cf [7789] dbg: config: read file /usr/share/spamassassin/23_bayes.cf [7789] dbg: config: read file /usr/share/spamassassin/25_accessdb.cf [7789] dbg: config: read file /usr/share/spamassassin/25_antivirus.cf [7789] dbg: config: read file /usr/share/spamassassin/25_body_tests_es.cf [7789] dbg: config: read file /usr/share/spamassassin/25_body_tests_pl.cf [7789] dbg: config: read file /usr/share/spamassassin/25_dcc.cf [7789] dbg: config: read file /usr/share/spamassassin/25_domainkeys.cf [7789] dbg: config: read file /usr/share/spamassassin/25_hashcash.cf [7789] dbg: config: read file /usr/share/spamassassin/25_pyzor.cf [7789] dbg: config: read file /usr/share/spamassassin/25_razor2.cf [7789] dbg: config: read file /usr/share/spamassassin/25_replace.cf [7789] dbg: config: read file /usr/share/spamassassin/25_spf.cf [7789] dbg: config: read file /usr/share/spamassassin/25_textcat.cf [7789] dbg: config: read file /usr/share/spamassassin/25_uribl.cf [7789] dbg: config: read file /usr/share/spamassassin/30_text_de.cf [7789] dbg: config: read file /usr/share/spamassassin/30_text_fr.cf [7789] dbg: config: read file /usr/share/spamassassin/30_text_it.cf [7789] dbg: config: read file /usr/share/spamassassin/30_text_nl.cf [7789] dbg: config: read file /usr/share/spamassassin/30_text_pl.cf [7789] dbg: config: read file /usr/share/spamassassin/30_text_pt_br.cf [7789] dbg: config: read file /usr/share/spamassassin/50_scores.cf [7789] dbg: config: read file /usr/share/spamassassin/60_awl.cf [7789] dbg: config: read file /usr/share/spamassassin/60_whitelist.cf [7789] dbg: config: read file /usr/share/spamassassin/60_whitelist_spf.cf [7789] dbg: config: read file /usr/share/spamassassin/60_whitelist_subject.cf [7789] dbg: config: using "/etc/mail/spamassassin" for site rules dir [7789] dbg: config: read file /etc/mail/spamassassin/70_sare_adult.cf [7789] dbg: config: read file /etc/mail/spamassassin/70_sare_evilnum0.cf [7789] dbg: config: read file /etc/mail/spamassassin/70_sare_evilnum1.cf [7789] dbg: config: read file /etc/mail/spamassassin/70_sare_evilnum2.cf [7789] dbg: config: read file /etc/mail/spamassassin/70_sare_obfu0.cf [7789] dbg: config: read file /etc/mail/spamassassin/70_sare_oem.cf [7789] dbg: config: read file /etc/mail/spamassassin/70_sare_spoof.cf [7789] dbg: config: read file /etc/mail/spamassassin/99_sare_fraud_post25x.cf [7789] dbg: config: read file /etc/mail/spamassassin/bogus-virus-warnings.cf [7789] dbg: config: read file /etc/mail/spamassassin/chickenpox.cf [7789] dbg: config: read file /etc/mail/spamassassin/local.cf [7789] dbg: config: read file /etc/mail/spamassassin/mailscanner.cf ------------------------- >From within MailWatch which I assume would be the same as what MailScanner is close to seeing as it is idential to what I get as the postfix user: ----------- [4409] dbg: ignore: using a test message to lint rules 0.00028 [4409] dbg: config: using "/etc/mail/spamassassin" for site rules pre files 0.00028 [4409] dbg: config: read file /etc/mail/spamassassin/init.pre 0.00028 [4409] dbg: config: using "/usr/share/spamassassin" for sys rules pre files 0.00026 [4409] dbg: config: using "/usr/share/spamassassin" for default rules dir 0.00027 [4409] dbg: config: read file /usr/share/spamassassin/10_misc.cf 0.00028 [4409] dbg: config: read file /usr/share/spamassassin/20_advance_fee.cf 0.00028 [4409] dbg: config: read file /usr/share/spamassassin/20_anti_ratware.cf 0.00027 [4409] dbg: config: read file /usr/share/spamassassin/20_body_tests.cf 0.00027 [4409] dbg: config: read file /usr/share/spamassassin/20_compensate.cf 0.0003 [4409] dbg: config: read file /usr/share/spamassassin/20_dnsbl_tests.cf 0.00029 [4409] dbg: config: read file /usr/share/spamassassin/20_drugs.cf 0.00028 [4409] dbg: config: read file /usr/share/spamassassin/20_fake_helo_tests.cf 0.00052 [4409] dbg: config: read file /usr/share/spamassassin/20_head_tests.cf 0.00172 [4409] dbg: config: read file /usr/share/spamassassin/20_html_tests.cf 0.00109 [4409] dbg: config: read file /usr/share/spamassassin/20_meta_tests.cf 0.00044 [4409] dbg: config: read file /usr/share/spamassassin/20_net_tests.cf 0.00034 [4409] dbg: config: read file /usr/share/spamassassin/20_phrases.cf 0.00092 [4409] dbg: config: read file /usr/share/spamassassin/20_porn.cf 0.00049 [4409] dbg: config: read file /usr/share/spamassassin/20_ratware.cf 0.00086 [4409] dbg: config: read file /usr/share/spamassassin/20_uri_tests.cf 0.00066 [4409] dbg: config: read file /usr/share/spamassassin/23_bayes.cf 0.00037 [4409] dbg: config: read file /usr/share/spamassassin/25_accessdb.cf 0.00031 [4409] dbg: config: read file /usr/share/spamassassin/25_antivirus.cf 0.0003 [4409] dbg: config: read file /usr/share/spamassassin/25_body_tests_es.cf 0.00056 [4409] dbg: config: read file /usr/share/spamassassin/25_body_tests_pl.cf 0.00099 [4409] dbg: config: read file /usr/share/spamassassin/25_dcc.cf 0.00031 [4409] dbg: config: read file /usr/share/spamassassin/25_domainkeys.cf 0.0003 [4409] dbg: config: read file /usr/share/spamassassin/25_hashcash.cf 0.00033 [4409] dbg: config: read file /usr/share/spamassassin/25_pyzor.cf 0.0003 [4409] dbg: config: read file /usr/share/spamassassin/25_razor2.cf 0.00029 [4409] dbg: config: read file /usr/share/spamassassin/25_replace.cf 0.00067 [4409] dbg: config: read file /usr/share/spamassassin/25_spf.cf 0.00041 [4409] dbg: config: read file /usr/share/spamassassin/25_textcat.cf 0.0003 [4409] dbg: config: read file /usr/share/spamassassin/25_uribl.cf 0.00044 [4409] dbg: config: read file /usr/share/spamassassin/30_text_de.cf 0.0019 [4409] dbg: config: read file /usr/share/spamassassin/30_text_fr.cf 0.00188 [4409] dbg: config: read file /usr/share/spamassassin/30_text_it.cf 0.00051 [4409] dbg: config: read file /usr/share/spamassassin/30_text_nl.cf 0.00145 [4409] dbg: config: read file /usr/share/spamassassin/30_text_pl.cf 0.00132 [4409] dbg: config: read file /usr/share/spamassassin/30_text_pt_br.cf 0.00045 [4409] dbg: config: read file /usr/share/spamassassin/50_scores.cf 0.00168 [4409] dbg: config: read file /usr/share/spamassassin/60_awl.cf 0.00048 [4409] dbg: config: read file /usr/share/spamassassin/60_whitelist.cf 0.00044 [4409] dbg: config: read file /usr/share/spamassassin/60_whitelist_spf.cf 0.00043 [4409] dbg: config: read file /usr/share/spamassassin/60_whitelist_subject.cf 0.00033 [4409] dbg: config: using "/etc/mail/spamassassin" for site rules dir 0.00188 [4409] dbg: config: read file /etc/mail/spamassassin/70_sare_adult.cf 0.00153 [4409] dbg: config: read file /etc/mail/spamassassin/70_sare_evilnum0.cf 0.00088 [4409] dbg: config: read file /etc/mail/spamassassin/70_sare_evilnum1.cf 0.00035 [4409] dbg: config: read file /etc/mail/spamassassin/70_sare_evilnum2.cf 0.00049 [4409] dbg: config: read file /etc/mail/spamassassin/70_sare_obfu0.cf 0.00189 [4409] dbg: config: read file /etc/mail/spamassassin/70_sare_oem.cf 0.00091 [4409] dbg: config: read file /etc/mail/spamassassin/70_sare_spoof.cf 0.00105 [4409] dbg: config: read file /etc/mail/spamassassin/72_sare_bml_post25x.cf 0.00087 [4409] dbg: config: read file /etc/mail/spamassassin/99_sare_fraud_post25x.cf 0.00053 [4409] dbg: config: read file /etc/mail/spamassassin/bogus-virus-warnings.cf 0.00631 [4409] dbg: config: read file /etc/mail/spamassassin/chickenpox.cf 0.00144 [4409] dbg: config: read file /etc/mail/spamassassin/local.cf 0.00039 [4409] dbg: config: read file /etc/mail/spamassassin/mailscanner.cf 0.00077 [4409] dbg: config: using "/etc/MailScanner/spam.assassin.prefs.conf" for user prefs file 0.00027 [4409] dbg: config: read file /etc/MailScanner/spam.assassin.prefs.conf --------------------- >> >> >> Please use https://helpdesk.twu.ca for all Technical support requests. >> >Really? A relative of mine has these BMC 1300s that consume approximately as much oil as >petrol.... Would the helpdesk handle that >too:-):-) :-) Oops, looks like I used my internal sig. on that message. Richard Edge Senior Systems Administrator | Technology Services Trinity Western University | t: 604.513.2089 f: 604.513.2038 | e: edge twu.ca| www.twu.ca/technology From MailScanner at ecs.soton.ac.uk Wed Feb 1 16:29:57 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Feb 1 16:30:08 2006 Subject: sendmail greet_pause feature In-Reply-To: <20060201161203.M49950@smi.com.pe> References: <5EBABD62DC5AC048AD8AEC3312E02D4CCD2F5F@exchange03.lkl.ltkalmar.se> <023301c62719$f6c921c0$0600a8c0@roger> <20060201161203.M49950@smi.com.pe> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Linux, sendmail 8.13 and upwards needs posix, anything before 8.13 needs flock. On 1 Feb 2006, at 16:20, Rafael Mantilla wrote: > Julian, i think 'posix' lock type is needed since sendmail 8.12.x > not 8.13.x, > i'm still using 8.12.6 in one of my servers and i have to change to > posix lock > type because i have mails been processed twice (same mail id) by > mailscanner. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.4 (Build 4042) iQEVAwUBQ+DiCPw32o+k+q+hAQGsoQgAnm4Qa2w42oU400mqhQHM3VvI9M6uXYkh hn1jz6AckNouSZv+bgD7vLIbH3XBxh1raaXxKTA7t30meKLVO/Cz2bGyR62jS3MY JyN4Lph92jXfHUII+hFs0ThKNozBSegCCqifnRXf2RrsiTHLW5mRoJojwb49z4+k QRtdIiDqbw3cFhl8FqDD2q5OmEbiuDdU4OPSEXeB88HS29u5CtDWp0JHEjhV1AS1 AQ5E0K4SgXhv4/w+Ltst8ghNv5ilB4wCwIxPIV+smvCiQM6rUusHSSEzxLfhwteh kEPObOLLL+4EYidKIfpvUfThgMNp0epzG+T2Df6wqGN12tMFt+u0lA== =R75r -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From shuttlebox at gmail.com Wed Feb 1 16:31:06 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Wed Feb 1 16:31:09 2006 Subject: sendmail greet_pause feature In-Reply-To: <2181C5F19DD0254692452BFF3EAF1D6801527A4E@rsys005a.comm.ad.roke.co.uk> References: <2181C5F19DD0254692452BFF3EAF1D6801527A4E@rsys005a.comm.ad.roke.co.uk> Message-ID: <625385e30602010831p53f04fb0ob1ec7a4087b83000@mail.gmail.com> On 2/1/06, Plant, Dean wrote: > > Should this be used as a replacement to greylisting or can it be used > along side? > You can use both if you like. Both assume spammers are in a hurry. :-) -- /peter -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060201/273dd387/attachment.html From ssilva at sgvwater.com Wed Feb 1 16:36:41 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Feb 1 16:38:22 2006 Subject: spamassassinprefsfile at line 1377 In-Reply-To: <20060201033002.55454.qmail@web50606.mail.yahoo.com> References: <20060201033002.55454.qmail@web50606.mail.yahoo.com> Message-ID: Devi S spake the following on 1/31/2006 7:30 PM: > > > */Scott Silva /* wrote: > > > > > > Please advice. Thank you. > Is this an upgrade? > Did you run the upgrade_MailScanner_conf script? > I think I didn't do that this time. Julian also advised to do > it. Can I do it now or should I do it only during next upgradation? You can run it now. It is always a good choice to either run it everytime, or if you are good with diff, you can see the changes and incorporate them yourself. The script is MUCH easier. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From gregg at gbcomputers.com Wed Feb 1 18:25:12 2006 From: gregg at gbcomputers.com (Gregg Berkholtz) Date: Wed Feb 1 18:25:16 2006 Subject: Cannot install DBI with MS 4.50.14 Message-ID: <20060201182512.GA30959@gbcomputers.com> It appears I cant install DBI as I'm getting the following error after running MailScanner's install.sh on a Debian 3.0 system. Any assistance is greatly appreciated: "... Writing Makefile for DBI /usr/bin/perl "-MExtUtils::Command" -e mkpath blib/lib/DBI rm -f blib/lib/DBI/Changes.pm cp Changes blib/lib/DBI/Changes.pm /usr/bin/perl "-MExtUtils::Command" -e mkpath blib/lib/DBI rm -f blib/lib/DBI/Roadmap.pm cp Roadmap.pod blib/lib/DBI/Roadmap.pm cp Driver_xst.h blib/arch/auto/DBI/Driver_xst.h cp lib/DBI/ProfileDumper.pm blib/lib/DBI/ProfileDumper.pm cp Roadmap.pod blib/lib/Roadmap.pod cp DBIXS.h blib/arch/auto/DBI/DBIXS.h cp lib/DBI/DBD/Metadata.pm blib/lib/DBI/DBD/Metadata.pm cp lib/DBD/NullP.pm blib/lib/DBD/NullP.pm cp dbipport.h blib/arch/auto/DBI/dbipport.h cp dbd_xsh.h blib/arch/auto/DBI/dbd_xsh.h cp lib/DBI/Const/GetInfoReturn.pm blib/lib/DBI/Const/GetInfoReturn.pm cp lib/DBI/Const/GetInfo/ANSI.pm blib/lib/DBI/Const/GetInfo/ANSI.pm cp lib/DBI/PurePerl.pm blib/lib/DBI/PurePerl.pm cp lib/DBI/Profile.pm blib/lib/DBI/Profile.pm cp lib/DBI/SQL/Nano.pm blib/lib/DBI/SQL/Nano.pm cp lib/DBD/File.pm blib/lib/DBD/File.pm cp DBI.pm blib/lib/DBI.pm cp lib/DBD/DBM.pm blib/lib/DBD/DBM.pm cp lib/DBI/FAQ.pm blib/lib/DBI/FAQ.pm cp lib/DBD/ExampleP.pm blib/lib/DBD/ExampleP.pm cp lib/Bundle/DBI.pm blib/lib/Bundle/DBI.pm cp lib/Win32/DBIODBC.pm blib/lib/Win32/DBIODBC.pm cp lib/DBI/W32ODBC.pm blib/lib/DBI/W32ODBC.pm cp dbivport.h blib/arch/auto/DBI/dbivport.h cp lib/DBI/DBD.pm blib/lib/DBI/DBD.pm cp lib/DBI/ProfileData.pm blib/lib/DBI/ProfileData.pm cp lib/DBD/Proxy.pm blib/lib/DBD/Proxy.pm cp lib/DBI/ProxyServer.pm blib/lib/DBI/ProxyServer.pm cp lib/DBI/Const/GetInfoType.pm blib/lib/DBI/Const/GetInfoType.pm cp dbi_sql.h blib/arch/auto/DBI/dbi_sql.h cp lib/DBI/ProfileDumper/Apache.pm blib/lib/DBI/ProfileDumper/Apache.pm cp Driver.xst blib/arch/auto/DBI/Driver.xst cp lib/DBI/Const/GetInfo/ODBC.pm blib/lib/DBI/Const/GetInfo/ODBC.pm cp lib/DBD/Sponge.pm blib/lib/DBD/Sponge.pm /usr/bin/perl -p -e "s/~DRIVER~/Perl/g" ./Driver.xst > Perl.xsi /usr/bin/perl /usr/share/perl/5.6.1/ExtUtils/xsubpp -typemap /usr/share/perl/5.6.1/ExtUtils/typemap -typemap typemap Perl.xs > Perl.xsc && mv Perl.xsc Perl.c cc -c -DDEBIAN -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -O2 -DVERSION=\"1.50\" -DXS_VERSION=\"1.50\" -fPIC "-I/usr/lib/perl/5.6.1/CORE" -W -Wall -Wpointer-arith -Wbad-function-cast -Wno-comment -Wno-sign-compare -Wno-cast-qual -DDBI_NO_THREADS Perl.c Perl.xs: In function `dbd_st_rows': Perl.xs:39: warning: unused parameter `h' Perl.c: In function `XS_DBD__Perl__dr_data_sources': Perl.c:84: warning: unused parameter `cv' Perl.c: In function `XS_DBD__Perl__db__login': Perl.c:119: warning: unused parameter `cv' Perl.c: In function `XS_DBD__Perl__db_selectall_arrayref': Perl.c:153: warning: unused parameter `cv' Perl.c: In function `XS_DBD__Perl__db_do': Perl.c:273: warning: unused parameter `cv' Perl.c: In function `XS_DBD__Perl__db_last_insert_id': Perl.c:310: warning: unused parameter `cv' Perl.c: In function `XS_DBD__Perl__db_commit': Perl.c:339: warning: unused parameter `cv' Perl.c: In function `XS_DBD__Perl__db_rollback': Perl.c:356: warning: unused parameter `cv' Perl.c: In function `XS_DBD__Perl__db_disconnect': Perl.c:373: warning: unused parameter `cv' Perl.c: In function `XS_DBD__Perl__db_STORE': Perl.c:406: warning: unused parameter `cv' Perl.c: In function `XS_DBD__Perl__db_FETCH': Perl.c:428: warning: unused parameter `cv' Perl.c: In function `XS_DBD__Perl__db_DESTROY': Perl.c:447: warning: unused parameter `cv' Perl.c: In function `XS_DBD__Perl__db_take_imp_data': Perl.c:506: warning: unused parameter `cv' Perl.c: In function `XS_DBD__Perl__st__prepare': Perl.c:568: warning: unused parameter `cv' Perl.c: In function `XS_DBD__Perl__st_bind_col': Perl.c:620: warning: unused parameter `cv' Perl.c: In function `XS_DBD__Perl__st_bind_param': Perl.c:671: warning: unused parameter `cv' Perl.c: In function `XS_DBD__Perl__st_bind_param_inout': Perl.c:713: warning: unused parameter `cv' Perl.c: In function `XS_DBD__Perl__st_execute': Perl.c:761: warning: unused parameter `cv' Perl.c: In function `XS_DBD__Perl__st_execute_for_fetch': Perl.c:795: warning: unused parameter `cv' Perl.c: In function `XS_DBD__Perl__st_fetchall_arrayref': Perl.c:868: warning: unused parameter `cv' Perl.c: In function `XS_DBD__Perl__st_finish': Perl.c:901: warning: unused parameter `cv' Perl.c: In function `XS_DBD__Perl__st_blob_read': Perl.c:931: warning: unused parameter `cv' Perl.c: In function `XS_DBD__Perl__st_STORE': Perl.c:969: warning: unused parameter `cv' Perl.c: In function `XS_DBD__Perl__st_DESTROY': Perl.c:1013: warning: unused parameter `cv' Perl.c: In function `boot_DBD__Perl': Perl.c:1064: warning: unused parameter `cv' Perl.c: At top level: dbipport.h:529: warning: `my_sv_2pvbyte' defined but not used /usr/bin/perl /usr/share/perl/5.6.1/ExtUtils/xsubpp -typemap /usr/share/perl/5.6.1/ExtUtils/typemap -typemap typemap DBI.xs > DBI.xsc && mv DBI.xsc DBI.c cc -c -DDEBIAN -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -O2 -DVERSION=\"1.50\" -DXS_VERSION=\"1.50\" -fPIC "-I/usr/lib/perl/5.6.1/CORE" -W -Wall -Wpointer-arith -Wbad-function-cast -Wno-comment -Wno-sign-compare -Wno-cast-qual -DDBI_NO_THREADS DBI.c DBI.xs: In function `dbih_clearcom': DBI.xs:1183: warning: unused variable `Perl___notused' DBI.xs: In function `dbih_get_fbav': DBI.xs:1332: warning: unused variable `Perl___notused' DBI.xs: In function `dbih_set_attr_k': DBI.xs:1514: warning: unused variable `Perl___notused' DBI.xs:1416: warning: unused variable `Perl___notused' DBI.xs: In function `dbih_get_attr_k': DBI.xs:1654: warning: unused variable `Perl___notused' DBI.xs: In function `log_where': DBI.xs:2081: warning: unused variable `Perl___notused' DBI.xs: In function `XS_DBI_dispatch': DBI.xs:2971: warning: unused variable `Perl___notused' DBI.c: In function `XS_DBI__install_method': DBI.c:3650: warning: unused parameter `cv' DBI.c: In function `XS_DBI_dbi_time': DBI.c:3833: warning: unused parameter `cv' DBI.c: In function `XS_DBD_____db_preparse': DBI.c:3988: warning: unused parameter `cv' DBI.c: At top level: dbipport.h:529: warning: `my_sv_2pvbyte' defined but not used Running Mkbootstrap for DBI () chmod 644 DBI.bs rm -f blib/arch/auto/DBI/DBI.so cc -shared -L/usr/local/lib DBI.o -o blib/arch/auto/DBI/DBI.so \ \ chmod 755 blib/arch/auto/DBI/DBI.so cp DBI.bs blib/arch/auto/DBI/DBI.bs chmod 644 blib/arch/auto/DBI/DBI.bs /usr/bin/perl "-Iblib/arch" "-Iblib/lib" dbiproxy.PL dbiproxy Extracted dbiproxy from dbiproxy.PL with variable substitutions. cp dbiproxy blib/script/dbiproxy /usr/bin/perl "-MExtUtils::MY" -e "MY->fixin(shift)" blib/script/dbiproxy /usr/bin/perl "-Iblib/arch" "-Iblib/lib" dbiprof.PL dbiprof Extracted dbiprof from dbiprof.PL with variable substitutions. cp dbiprof blib/script/dbiprof /usr/bin/perl "-MExtUtils::MY" -e "MY->fixin(shift)" blib/script/dbiprof Manifying blib/man1/dbiproxy.1p Manifying blib/man1/dbiprof.1p Manifying blib/man3/DBI::ProfileDumper.3pm Manifying blib/man3/Roadmap.3pm Manifying blib/man3/DBI::DBD::Metadata.3pm Manifying blib/man3/DBI::Const::GetInfoReturn.3pm Manifying blib/man3/DBI::Const::GetInfo::ANSI.3pm Manifying blib/man3/DBI::PurePerl.3pm Manifying blib/man3/DBI::Profile.3pm Manifying blib/man3/DBI::SQL::Nano.3pm Manifying blib/man3/DBD::File.3pm Manifying blib/man3/DBD::DBM.3pm Manifying blib/man3/DBI.3pm Manifying blib/man3/DBI::FAQ.3pm Manifying blib/man3/Bundle::DBI.3pm Manifying blib/man3/Win32::DBIODBC.3pm Manifying blib/man3/DBI::W32ODBC.3pm Manifying blib/man3/DBI::DBD.3pm Manifying blib/man3/DBI::ProfileData.3pm Manifying blib/man3/DBD::Proxy.3pm Manifying blib/man3/DBI::ProxyServer.3pm Manifying blib/man3/DBI::Const::GetInfoType.3pm Manifying blib/man3/DBI::ProfileDumper::Apache.3pm Manifying blib/man3/DBD::Sponge.3pm Manifying blib/man3/DBI::Const::GetInfo::ODBC.3pm PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t t/01basics...............ok 4/131 skipped: developer tests t/02dbidrv...............ok t/03handle...............ok t/04mods.................ok t/05thrclone.............skipped all skipped: developer tests t/06attrs................ok t/07kids.................ok t/08keeperr..............ok t/09trace................ok t/10examp................ok t/11fetch................Can't load '/usr/local/lib/site_perl/i386-linux/auto/Storable/Storable.so' for module Storable: /usr/local/lib/site_perl/i386-linux/auto/Storable/Storable.so: undefined symbol: cast_iv at /usr/lib/perl/5.6.1/DynaLoader.pm line 202. at t/11fetch.t line 8 Compilation failed in require at t/11fetch.t line 8. BEGIN failed--compilation aborted at t/11fetch.t line 8. t/11fetch................dubious Test returned status 255 (wstat 65280, 0xff00) t/14utf8.................skipped all skipped: developer tests t/15array................ok t/20meta.................ok t/30subclass.............ok t/40profile..............ok t/41prof_dump............ok t/42prof_data............ok t/43profenv..............ok t/50dbm..................ok t/60preparse.............ok t/70callbacks............ok t/72childhandles.........skipped all skipped: developer tests t/80proxy................skipped all skipped: developer tests t/pod....................skipped all skipped: developer tests t/zvpp_01basics..........ok 6/131 skipped: various reasons t/zvpp_02dbidrv..........ok 10/51 skipped: various reasons t/zvpp_03handle..........ok 76/135 skipped: various reasons t/zvpp_04mods............ok t/zvpp_05thrclone........skipped all skipped: various reasons t/zvpp_06attrs...........ok 7/137 skipped: various reasons t/zvpp_07kids............skipped all skipped: various reasons t/zvpp_08keeperr.........ok t/zvpp_09trace...........ok t/zvpp_10examp...........ok 39/253 skipped: various reasons t/zvpp_11fetch...........Can't load '/usr/local/lib/site_perl/i386-linux/auto/Storable/Storable.so' for module Storable: /usr/local/lib/site_perl/i386-linux/auto/Storable/Storable.so: undefined symbol: cast_iv at /usr/lib/perl/5.6.1/DynaLoader.pm line 202. at t/11fetch.t line 8 Compilation failed in require at t/11fetch.t line 8. BEGIN failed--compilation aborted at t/11fetch.t line 8. ...caught at t/zvpp_11fetch.t line 3. Can't load '/usr/local/lib/site_perl/i386-linux/auto/Storable/Storable.so' for module Storable: /usr/local/lib/site_perl/i386-linux/auto/Storable/Storable.so: undefined symbol: cast_iv at /usr/lib/perl/5.6.1/DynaLoader.pm line 202. at t/11fetch.t line 8 Compilation failed in require at t/11fetch.t line 8. BEGIN failed--compilation aborted at t/11fetch.t line 8. ...caught ...propagated at t/zvpp_11fetch.t line 4. t/zvpp_14utf8............skipped all skipped: various reasons t/zvpp_15array...........ok t/zvpp_20meta............ok t/zvpp_30subclass........ok t/zvpp_40profile.........skipped all skipped: various reasons t/zvpp_41prof_dump.......skipped all skipped: various reasons t/zvpp_42prof_data.......skipped all skipped: various reasons t/zvpp_43profenv.........skipped all skipped: various reasons t/zvpp_50dbm.............ok t/zvpp_60preparse........skipped all skipped: various reasons t/zvpp_70callbacks.......skipped all skipped: various reasons t/zvpp_72childhandles....skipped all skipped: various reasons t/zvpp_80proxy...........skipped all skipped: various reasons Failed Test Stat Wstat Total Fail Failed List of Failed ------------------------------------------------------------------------------- t/11fetch.t 255 65280 ?? ?? % ?? 16 tests and 142 subtests skipped. Failed 1/49 test scripts, 95.92% okay. 0/2156 subtests failed, 100.00% okay. make: *** [test_dynamic] Error 11 ..." Regards, Gregg Berkholtz From jclark at morpace.com Wed Feb 1 18:45:46 2006 From: jclark at morpace.com (Joan Clark) Date: Wed Feb 1 18:47:41 2006 Subject: ALL_TRUSTED problems Message-ID: >>> Edge@twu.ca 02/01/06 11:26AM >>> -----Original Message----- >> >I'd also STRONGLY suggest running: >> >spamassassin --lint. >> >> >As previously suggested. You should run that EVERY time you edit a >> config file. >> >> Which I always do. No problems reported. >Ok, how about quoting a bit of the begining of "spamassassin --lint -D" here? Just the >part Matt's been asking about... Okay here you go. The --lint -D output from root login: ----------------------- [7789] dbg: ignore: using a test message to lint rules [7789] dbg: config: using "/etc/mail/spamassassin" for site rules pre files [7789] dbg: config: read file /etc/mail/spamassassin/init.pre [7789] dbg: config: using "/usr/share/spamassassin" for sys rules pre files [7789] dbg: config: using "/usr/share/spamassassin" for default rules dir [7789] dbg: config: read file /usr/share/spamassassin/10_misc.cf [7789] dbg: config: read file /usr/share/spamassassin/20_advance_fee.cf [7789] dbg: config: read file /usr/share/spamassassin/20_anti_ratware.cf [7789] dbg: config: read file /usr/share/spamassassin/20_body_tests.cf [7789] dbg: config: read file /usr/share/spamassassin/20_compensate.cf [7789] dbg: config: read file /usr/share/spamassassin/20_dnsbl_tests.cf [7789] dbg: config: read file /usr/share/spamassassin/20_drugs.cf [7789] dbg: config: read file /usr/share/spamassassin/20_fake_helo_tests.cf [7789] dbg: config: read file /usr/share/spamassassin/20_head_tests.cf [7789] dbg: config: read file /usr/share/spamassassin/20_html_tests.cf [7789] dbg: config: read file /usr/share/spamassassin/20_meta_tests.cf [7789] dbg: config: read file /usr/share/spamassassin/20_net_tests.cf [7789] dbg: config: read file /usr/share/spamassassin/20_phrases.cf [7789] dbg: config: read file /usr/share/spamassassin/20_porn.cf [7789] dbg: config: read file /usr/share/spamassassin/20_ratware.cf [7789] dbg: config: read file /usr/share/spamassassin/20_uri_tests.cf [7789] dbg: config: read file /usr/share/spamassassin/23_bayes.cf [7789] dbg: config: read file /usr/share/spamassassin/25_accessdb.cf [7789] dbg: config: read file /usr/share/spamassassin/25_antivirus.cf [7789] dbg: config: read file /usr/share/spamassassin/25_body_tests_es.cf [7789] dbg: config: read file /usr/share/spamassassin/25_body_tests_pl.cf [7789] dbg: config: read file /usr/share/spamassassin/25_dcc.cf [7789] dbg: config: read file /usr/share/spamassassin/25_domainkeys.cf [7789] dbg: config: read file /usr/share/spamassassin/25_hashcash.cf [7789] dbg: config: read file /usr/share/spamassassin/25_pyzor.cf [7789] dbg: config: read file /usr/share/spamassassin/25_razor2.cf [7789] dbg: config: read file /usr/share/spamassassin/25_replace.cf [7789] dbg: config: read file /usr/share/spamassassin/25_spf.cf [7789] dbg: config: read file /usr/share/spamassassin/25_textcat.cf [7789] dbg: config: read file /usr/share/spamassassin/25_uribl.cf [7789] dbg: config: read file /usr/share/spamassassin/30_text_de.cf [7789] dbg: config: read file /usr/share/spamassassin/30_text_fr.cf [7789] dbg: config: read file /usr/share/spamassassin/30_text_it.cf [7789] dbg: config: read file /usr/share/spamassassin/30_text_nl.cf [7789] dbg: config: read file /usr/share/spamassassin/30_text_pl.cf [7789] dbg: config: read file /usr/share/spamassassin/30_text_pt_br.cf [7789] dbg: config: read file /usr/share/spamassassin/50_scores.cf [7789] dbg: config: read file /usr/share/spamassassin/60_awl.cf [7789] dbg: config: read file /usr/share/spamassassin/60_whitelist.cf [7789] dbg: config: read file /usr/share/spamassassin/60_whitelist_spf.cf [7789] dbg: config: read file /usr/share/spamassassin/60_whitelist_subject.cf [7789] dbg: config: using "/etc/mail/spamassassin" for site rules dir [7789] dbg: config: read file /etc/mail/spamassassin/70_sare_adult.cf [7789] dbg: config: read file /etc/mail/spamassassin/70_sare_evilnum0.cf [7789] dbg: config: read file /etc/mail/spamassassin/70_sare_evilnum1.cf [7789] dbg: config: read file /etc/mail/spamassassin/70_sare_evilnum2.cf [7789] dbg: config: read file /etc/mail/spamassassin/70_sare_obfu0.cf [7789] dbg: config: read file /etc/mail/spamassassin/70_sare_oem.cf [7789] dbg: config: read file /etc/mail/spamassassin/70_sare_spoof.cf [7789] dbg: config: read file /etc/mail/spamassassin/99_sare_fraud_post25x.cf [7789] dbg: config: read file /etc/mail/spamassassin/bogus-virus-warnings.cf [7789] dbg: config: read file /etc/mail/spamassassin/chickenpox.cf [7789] dbg: config: read file /etc/mail/spamassassin/local.cf [7789] dbg: config: read file /etc/mail/spamassassin/mailscanner.cf ------------------------- >From within MailWatch which I assume would be the same as what MailScanner is close to seeing as it is idential to what I get as the postfix user: ----------- [4409] dbg: ignore: using a test message to lint rules 0.00028 [4409] dbg: config: using "/etc/mail/spamassassin" for site rules pre files 0.00028 [4409] dbg: config: read file /etc/mail/spamassassin/init.pre 0.00028 [4409] dbg: config: using "/usr/share/spamassassin" for sys rules pre files 0.00026 [4409] dbg: config: using "/usr/share/spamassassin" for default rules dir 0.00027 [4409] dbg: config: read file /usr/share/spamassassin/10_misc.cf 0.00028 [4409] dbg: config: read file /usr/share/spamassassin/20_advance_fee.cf 0.00028 [4409] dbg: config: read file /usr/share/spamassassin/20_anti_ratware.cf 0.00027 [4409] dbg: config: read file /usr/share/spamassassin/20_body_tests.cf 0.00027 [4409] dbg: config: read file /usr/share/spamassassin/20_compensate.cf 0.0003 [4409] dbg: config: read file /usr/share/spamassassin/20_dnsbl_tests.cf 0.00029 [4409] dbg: config: read file /usr/share/spamassassin/20_drugs.cf 0.00028 [4409] dbg: config: read file /usr/share/spamassassin/20_fake_helo_tests.cf 0.00052 [4409] dbg: config: read file /usr/share/spamassassin/20_head_tests.cf 0.00172 [4409] dbg: config: read file /usr/share/spamassassin/20_html_tests.cf 0.00109 [4409] dbg: config: read file /usr/share/spamassassin/20_meta_tests.cf 0.00044 [4409] dbg: config: read file /usr/share/spamassassin/20_net_tests.cf 0.00034 [4409] dbg: config: read file /usr/share/spamassassin/20_phrases.cf 0.00092 [4409] dbg: config: read file /usr/share/spamassassin/20_porn.cf 0.00049 [4409] dbg: config: read file /usr/share/spamassassin/20_ratware.cf 0.00086 [4409] dbg: config: read file /usr/share/spamassassin/20_uri_tests.cf 0.00066 [4409] dbg: config: read file /usr/share/spamassassin/23_bayes.cf 0.00037 [4409] dbg: config: read file /usr/share/spamassassin/25_accessdb.cf 0.00031 [4409] dbg: config: read file /usr/share/spamassassin/25_antivirus.cf 0.0003 [4409] dbg: config: read file /usr/share/spamassassin/25_body_tests_es.cf 0.00056 [4409] dbg: config: read file /usr/share/spamassassin/25_body_tests_pl.cf 0.00099 [4409] dbg: config: read file /usr/share/spamassassin/25_dcc.cf 0.00031 [4409] dbg: config: read file /usr/share/spamassassin/25_domainkeys.cf 0.0003 [4409] dbg: config: read file /usr/share/spamassassin/25_hashcash.cf 0.00033 [4409] dbg: config: read file /usr/share/spamassassin/25_pyzor.cf 0.0003 [4409] dbg: config: read file /usr/share/spamassassin/25_razor2.cf 0.00029 [4409] dbg: config: read file /usr/share/spamassassin/25_replace.cf 0.00067 [4409] dbg: config: read file /usr/share/spamassassin/25_spf.cf 0.00041 [4409] dbg: config: read file /usr/share/spamassassin/25_textcat.cf 0.0003 [4409] dbg: config: read file /usr/share/spamassassin/25_uribl.cf 0.00044 [4409] dbg: config: read file /usr/share/spamassassin/30_text_de.cf 0.0019 [4409] dbg: config: read file /usr/share/spamassassin/30_text_fr.cf 0.00188 [4409] dbg: config: read file /usr/share/spamassassin/30_text_it.cf 0.00051 [4409] dbg: config: read file /usr/share/spamassassin/30_text_nl.cf 0.00145 [4409] dbg: config: read file /usr/share/spamassassin/30_text_pl.cf 0.00132 [4409] dbg: config: read file /usr/share/spamassassin/30_text_pt_br.cf 0.00045 [4409] dbg: config: read file /usr/share/spamassassin/50_scores.cf 0.00168 [4409] dbg: config: read file /usr/share/spamassassin/60_awl.cf 0.00048 [4409] dbg: config: read file /usr/share/spamassassin/60_whitelist.cf 0.00044 [4409] dbg: config: read file /usr/share/spamassassin/60_whitelist_spf.cf 0.00043 [4409] dbg: config: read file /usr/share/spamassassin/60_whitelist_subject.cf 0.00033 [4409] dbg: config: using "/etc/mail/spamassassin" for site rules dir 0.00188 [4409] dbg: config: read file /etc/mail/spamassassin/70_sare_adult.cf 0.00153 [4409] dbg: config: read file /etc/mail/spamassassin/70_sare_evilnum0.cf 0.00088 [4409] dbg: config: read file /etc/mail/spamassassin/70_sare_evilnum1.cf 0.00035 [4409] dbg: config: read file /etc/mail/spamassassin/70_sare_evilnum2.cf 0.00049 [4409] dbg: config: read file /etc/mail/spamassassin/70_sare_obfu0.cf 0.00189 [4409] dbg: config: read file /etc/mail/spamassassin/70_sare_oem.cf 0.00091 [4409] dbg: config: read file /etc/mail/spamassassin/70_sare_spoof.cf 0.00105 [4409] dbg: config: read file /etc/mail/spamassassin/72_sare_bml_post25x.cf 0.00087 [4409] dbg: config: read file /etc/mail/spamassassin/99_sare_fraud_post25x.cf 0.00053 [4409] dbg: config: read file /etc/mail/spamassassin/bogus-virus-warnings.cf 0.00631 [4409] dbg: config: read file /etc/mail/spamassassin/chickenpox.cf 0.00144 [4409] dbg: config: read file /etc/mail/spamassassin/local.cf 0.00039 [4409] dbg: config: read file /etc/mail/spamassassin/mailscanner.cf 0.00077 [4409] dbg: config: using "/etc/MailScanner/spam.assassin.prefs.conf" for user prefs file 0.00027 [4409] dbg: config: read file /etc/MailScanner/spam.assassin.prefs.conf --------------------- >> >> >> Please use https://helpdesk.twu.ca for all Technical support requests. >> >Really? A relative of mine has these BMC 1300s that consume approximately as much oil as >petrol.... Would the helpdesk handle that >too:-):-) :-) Oops, looks like I used my internal sig. on that message. Richard Edge Senior Systems Administrator | Technology Services Trinity Western University | t: 604.513.2089 f: 604.513.2038 | e: edge twu.ca| www.twu.ca/technology -- MailScanner mailing list MailScanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! Greetings, Please take a quick look at if you have not already: /usr/share/spamassassin/50_scores.cf Hopefully you might find something there. Good luck! From alex at nkpanama.com Wed Feb 1 19:11:44 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Wed Feb 1 19:11:54 2006 Subject: OT: sendmail greet_pause feature In-Reply-To: References: Message-ID: <43E107F0.1050104@nkpanama.com> I swear by greet_pause since it came out. I've even installed in on old Red Hat / Fedora sites by using city-fan.org's rpm's at http://www.city-fan.org/ftp/contrib/mail/ for older Red Hats. Jim Holland wrote: > Perhaps other sendmail users know all about this, but I have only looked > at it for the first time. > > I run sendmail 8.13.1 and have decided to implement the greet_pause > feature for the first time (after seeing that it is a default option in > Debian installations). This requires a specified delay after connection, > which can be network specific, before a client system is allowed to send > any SMTP commands. Any client that breaks normal SMTP protocols by trying > to force commands before receiving the go-ahead is immediately > disconnected. This seems to distinguish very successfully between genuine > mailers and spammers/viruses that are not RFC-compliant. > > Using a 5 second delay I have found that the system has blocked over 3200 > connections in the first 24 hours I used it. The client systems were all > typical of spammers, with adsl/ppp/dhcp/dialup/cable/cpe type hostnames or > no PTR record at all. I found only four systems in the blocked group that > looked as if they were genuine. On further investigation I found that > earlier log records for some of those sites indicated behaviour typical of > virus infections in any case. > > To implement the feature: > > Add the following to the sendmail.mc file: > > FEATURE(`greet_pause', `5000')dnl 5 seconds > > Rebuild sendmail and restart MailScanner: > > m4 < sendmail.mc > sendmail.cf > service MailScanner restart > > Then specific entries for client hostname, domain, IP address or subnet > can be put in the access file: > > GreetPause:my.domain 0 > GreetPause:example.com 5000 > GreetPause:10.1.2 2000 > GreetPause:127.0.0.1 0 > > Definitely worth a look I would say, as it blocks large numbers of > spammers before they are allowed to send any data, with very low risk of > blocking genuine systems. It even seems to allow genuine mail from > infected systems to be accepted while blocking viruses from those same > systems before the DATA phase - as many viruses seem to behave rather > impolitely :-) > > Regards > > Jim Holland > System Administrator > MANGO - Zimbabwe's non-profit e-mail service > > -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ From alex at nkpanama.com Wed Feb 1 19:14:39 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Wed Feb 1 19:14:45 2006 Subject: ALL_TRUSTED problems In-Reply-To: <223f97700602010049k72250beat@mail.gmail.com> References: <223f97700602010049k72250beat@mail.gmail.com> Message-ID: <43E1089F.3000003@nkpanama.com> Glenn Steen wrote: > On 01/02/06, Richard Edge wrote: > >> > Ok, how about quoting a bit of the begining of "spamassassin --lint > -D" here? Just the part Matt's been asking about... > > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > Sorry for the newbie "bash" / spamassassin question, but is there a way for spamassassin to output to stdout instead of stderr so I can look at it with "more" or "less"? I keep having to &> to a tempfile and then "less" the tempfile. -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ From alex at nkpanama.com Wed Feb 1 19:15:13 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Wed Feb 1 19:15:19 2006 Subject: sendmail greet_pause feature In-Reply-To: <023301c62719$f6c921c0$0600a8c0@roger> References: <5EBABD62DC5AC048AD8AEC3312E02D4CCD2F5F@exchange03.lkl.ltkalmar.se> <023301c62719$f6c921c0$0600a8c0@roger> Message-ID: <43E108C1.4060308@nkpanama.com> Try http://www.city-fan.org/ftp/contrib/mail/ and see if there's an RPM that'll fit your box. Roger Jochem wrote: > I'm using the rpm version of sendmail in my centos-3 box (sendmail > 8.12) and I would like to upgrade to sendmail 8.13 to use this > feature, that seems really great. Is there some problem I should be > aware, or the tar.gz version found at sendmail.org would work fine on > my machine? Anyone using 8.13 at centos-3 or some similar OS? > > Regards > > Roger Jochem > > ----- Original Message ----- From: "Anders Andersson, IT" > > To: "MailScanner discussion" > Sent: Wednesday, February 01, 2006 8:01 AM > Subject: RE: sendmail greet_pause feature > > >>> -----Original Message----- >>> From: mailscanner-bounces@lists.mailscanner.info >>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >>> Of Jim Holland >>> Sent: Wednesday, February 01, 2006 9:12 AM >>> To: MailScanner mailing list >>> Subject: OT: sendmail greet_pause feature >>> >>> Perhaps other sendmail users know all about this, but I have >>> only looked at it for the first time. >>> >>> I run sendmail 8.13.1 and have decided to implement the >>> greet_pause feature for the first time (after seeing that it >>> is a default option in Debian installations). This requires >>> a specified delay after connection, which can be network >>> specific, before a client system is allowed to send any SMTP >>> commands. Any client that breaks normal SMTP protocols by >>> trying to force commands before receiving the go-ahead is >>> immediately disconnected. This seems to distinguish very >>> successfully between genuine mailers and spammers/viruses >>> that are not RFC-compliant. >>> >>> Using a 5 second delay I have found that the system has >>> blocked over 3200 connections in the first 24 hours I used >>> it. The client systems were all typical of spammers, with >>> adsl/ppp/dhcp/dialup/cable/cpe type hostnames or no PTR >>> record at all. I found only four systems in the blocked >>> group that looked as if they were genuine. On further >>> investigation I found that earlier log records for some of >>> those sites indicated behaviour typical of virus infections >>> in any case. >> >> I second that, thoguh I raised mine to 25 sec just for the fun of it. I >> started low but raised it by 5 sec eeverytime and its been running >> smooth. So far no one complained and the ones we have a great >> mailexchange with been added to acces list >> >> /Anders >> >>> >>> To implement the feature: >>> >>> Add the following to the sendmail.mc file: >>> >>> FEATURE(`greet_pause', `5000')dnl 5 seconds >>> >>> Rebuild sendmail and restart MailScanner: >>> >>> m4 < sendmail.mc > sendmail.cf >>> service MailScanner restart >>> >>> Then specific entries for client hostname, domain, IP address >>> or subnet can be put in the access file: >>> >>> GreetPause:my.domain 0 >>> GreetPause:example.com 5000 >>> GreetPause:10.1.2 2000 >>> GreetPause:127.0.0.1 0 >>> >>> Definitely worth a look I would say, as it blocks large >>> numbers of spammers before they are allowed to send any data, >>> with very low risk of blocking genuine systems. It even >>> seems to allow genuine mail from infected systems to be >>> accepted while blocking viruses from those same systems >>> before the DATA phase - as many viruses seem to behave rather >>> impolitely :-) >>> >>> Regards >>> >>> Jim Holland >>> System Administrator >>> MANGO - Zimbabwe's non-profit e-mail service >> -- >> MailScanner mailing list >> MailScanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ From Denis.Beauchemin at USherbrooke.ca Wed Feb 1 19:19:19 2006 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Wed Feb 1 19:19:39 2006 Subject: ALL_TRUSTED problems In-Reply-To: <43E1089F.3000003@nkpanama.com> References: <223f97700602010049k72250beat@mail.gmail.com> <43E1089F.3000003@nkpanama.com> Message-ID: <43E109B7.4020709@USherbrooke.ca> Alex Neuman van der Hans wrote: > > > Glenn Steen wrote: > >> On 01/02/06, Richard Edge wrote: >> >> >>> >> >> Ok, how about quoting a bit of the begining of "spamassassin --lint >> -D" here? Just the part Matt's been asking about... >> >> -- >> -- Glenn >> email: glenn < dot > steen < at > gmail < dot > com >> work: glenn < dot > steen < at > ap1 < dot > se >> > > Sorry for the newbie "bash" / spamassassin question, but is there a > way for spamassassin to output to stdout instead of stderr so I can > look at it with "more" or "less"? I keep having to &> to a tempfile > and then "less" the tempfile. > Alex, Use: command 2>&1 | less to redirect stderr to the same file descriptor as stdout. Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 From alex at nkpanama.com Wed Feb 1 19:36:01 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Wed Feb 1 19:36:16 2006 Subject: sendmail greet_pause feature In-Reply-To: <2181C5F19DD0254692452BFF3EAF1D6801527A4E@rsys005a.comm.ad.roke.co.uk> References: <2181C5F19DD0254692452BFF3EAF1D6801527A4E@rsys005a.comm.ad.roke.co.uk> Message-ID: <43E10DA1.9030501@nkpanama.com> Alongside. I've set up greylisting on most domains I administer. Also works wonders. I *do* start greylisting with a low value (30 seconds) and work my way up to what is comfortable (some people *demand* their e-mail be let through immediately). Plant, Dean wrote: > Should this be used as a replacement to greylisting or can it be used > along side? > > Dean > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jim > Holland > Sent: 01 February 2006 08:12 > To: MailScanner mailing list > Subject: OT: sendmail greet_pause feature > > > Perhaps other sendmail users know all about this, but I have only looked > > at it for the first time. > > I run sendmail 8.13.1 and have decided to implement the greet_pause > feature for the first time (after seeing that it is a default option in > Debian installations). This requires a specified delay after > connection, > which can be network specific, before a client system is allowed to send > any SMTP commands. Any client that breaks normal SMTP protocols by > trying > to force commands before receiving the go-ahead is immediately > disconnected. This seems to distinguish very successfully between > genuine > mailers and spammers/viruses that are not RFC-compliant. > > Using a 5 second delay I have found that the system has blocked over > 3200 > connections in the first 24 hours I used it. The client systems were > all > typical of spammers, with adsl/ppp/dhcp/dialup/cable/cpe type hostnames > or > no PTR record at all. I found only four systems in the blocked group > that > looked as if they were genuine. On further investigation I found that > earlier log records for some of those sites indicated behaviour typical > of > virus infections in any case. > > To implement the feature: > > Add the following to the sendmail.mc file: > > FEATURE(`greet_pause', `5000')dnl 5 seconds > > Rebuild sendmail and restart MailScanner: > > m4 < sendmail.mc > sendmail.cf > service MailScanner restart > > Then specific entries for client hostname, domain, IP address or subnet > can be put in the access file: > > GreetPause:my.domain 0 > GreetPause:example.com 5000 > GreetPause:10.1.2 2000 > GreetPause:127.0.0.1 0 > > Definitely worth a look I would say, as it blocks large numbers of > spammers before they are allowed to send any data, with very low risk of > > blocking genuine systems. It even seems to allow genuine mail from > infected systems to be accepted while blocking viruses from those same > systems before the DATA phase - as many viruses seem to behave rather > impolitely :-) > > Regards > > Jim Holland > System Administrator > MANGO - Zimbabwe's non-profit e-mail service > > -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ From Edge at twu.ca Wed Feb 1 20:00:01 2006 From: Edge at twu.ca (Richard Edge) Date: Wed Feb 1 19:59:39 2006 Subject: ALL_TRUSTED problems Message-ID: The trouble with making changes in the 50_scores.cf is that the change will be overwrittent whenever SA is updated. I should be able to place 'overrides' in the spam.assassin.prefs.conf file as the documentation states and have them override the defaults. Richard Edge Senior Systems Administrator | Technology Services Trinity Western University | t: 604.513.2089 f: 604.513.2038 | e: edge twu.ca| www.twu.ca/technology -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Joan Clark Sent: Wednesday, February 01, 2006 10:46 AM To: mailscanner@lists.mailscanner.info Subject: RE: ALL_TRUSTED problems Greetings, Please take a quick look at if you have not already: /usr/share/spamassassin/50_scores.cf Hopefully you might find something there. From glenn.steen at gmail.com Wed Feb 1 20:16:22 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Feb 1 20:16:26 2006 Subject: Fwd: SQLite and postfix... In-Reply-To: <223f97700602010923w68b73106l@mail.gmail.com> References: <223f97700602010923w68b73106l@mail.gmail.com> Message-ID: <223f97700602011216x753fafccx@mail.gmail.com> ---------- Forwarded message ---------- From: Glenn Steen Date: 01-Feb-2006 18:23 Subject: SQLite and postfix... To: MailScanner@lists.mailscanner.info Just a note, if this hasn't been covered already: Updated to the latest stable (4.50.14) on my prod machine running postfix...It's a Mdv 10.2, so I used that rpm method. Apparantly the SQLite db got created during install, with only user rw perms... and a "non-postfix" user. This made MailScanner loop during startup (all the children died immediately). Running --debug complained about line 172 in SA.pm, which happen to be an operation on the SQLite, so ... eventually led me right:-). Simple fix is to remove the file /var/spool/MailScanner/incoming/SpamAssassin.cache.db and do "service MailScanner restart" ... and a pristine file with the correect perms/owner get created. One could've just changed the owner, of course:-). Other than that, it looks to be _really_ nice... and fast. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Wed Feb 1 20:23:04 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Feb 1 20:23:08 2006 Subject: Fwd: Returned mail: List unknown In-Reply-To: <200602011723.k11HNYrL000928@bkserver.blacknight.ie> References: <200602011723.k11HNYrL000928@bkserver.blacknight.ie> Message-ID: <223f97700602011223ie28f8fp@mail.gmail.com> Seems the MailMan is picky about case of the user part of the address... The mail below (now forwarded to the list separately too) was sent by clicking on the address in the standard list footer, which has been "beutified" with the usual mixed cas... Which seems to be a no-no. Sigh. IIRC, MailMan is actually correct in making this distinction in the user part of the adress, so... Jules (or Paul or Michelle), could you change this to match the actual list name (mailscanner)? ---------- Forwarded message ---------- From: MAILER-DAEMON@lists.mailscanner.info Date: 01-Feb-2006 18:23 Subject: Returned mail: List unknown To: glenn.steen@gmail.com Your mail for MailScanner@lists.mailscanner.info could not be sent: no list named "MailScanner" is known by lists.mailscanner.info For a list of publicly-advertised mailing lists hosted on this server, visit this URL: http://lists.mailscanner.info/ If this does not resolve your problem, you may write to: postmaster@lists.mailscanner.info or mailman-owner@lists.mailscanner.info lists.mailscanner.info delivers e-mail to registered mailing lists and to the administrative addresses defined and required by IETF Request for Comments (RFC) 2142 [1]. Personal e-mail addresses are not offered by this server. The Internet Engineering Task Force [2] (IETF) oversees the development of open standards for the Internet community, including the protocols and formats employed by Internet mail systems. For your convenience, your original mail is attached. [1] Crocker, D. "Mailbox Names for Common Services, Roles and Functions". http://www.ietf.org/rfc/rfc2142.txt [2] http://www.ietf.org/ ---------- Forwarded message ---------- From: Glenn Steen To: MailScanner@lists.mailscanner.info Date: Wed, 1 Feb 2006 18:23:32 +0100 Subject: SQLite and postfix... Just a note, if this hasn't been covered already: Updated to the latest stable (4.50.14) on my prod machine running postfix...It's a Mdv 10.2, so I used that rpm method. Apparantly the SQLite db got created during install, with only user rw perms... and a "non-postfix" user. This made MailScanner loop during startup (all the children died immediately). Running --debug complained about line 172 in SA.pm, which happen to be an operation on the SQLite, so ... eventually led me right:-). Simple fix is to remove the file /var/spool/MailScanner/incoming/SpamAssassin.cache.db and do "service MailScanner restart" ... and a pristine file with the correect perms/owner get created. One could've just changed the owner, of course:-). Other than that, it looks to be _really_ nice... and fast. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Wed Feb 1 20:34:28 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Feb 1 20:34:32 2006 Subject: ALL_TRUSTED problems In-Reply-To: References: Message-ID: <223f97700602011234k337d9adaq@mail.gmail.com> On 01/02/06, Richard Edge wrote: > The trouble with making changes in the 50_scores.cf is that the change > will be overwrittent whenever SA is updated. I should be able to place > 'overrides' in the spam.assassin.prefs.conf file as the documentation > states and have them override the defaults. > > Richard Edge > Senior Systems Administrator | Technology Services > Trinity Western University | t: 604.513.2089 > f: 604.513.2038 | e: edge twu.ca| www.twu.ca/technology > Hi Richard, How abot it? Could you please qquote at least the relevant parts of a lint&debug run? Pretty please:-)... Or did you give us that already`(Meaning I should go delve into the archives...:). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From dnsadmin at 1bigthink.com Wed Feb 1 20:40:19 2006 From: dnsadmin at 1bigthink.com (dnsadmin 1bigthink.com) Date: Wed Feb 1 20:40:26 2006 Subject: ALL_TRUSTED problems In-Reply-To: References: Message-ID: <6.2.3.4.0.20060201153641.09c37af8@mxt.1bigthink.com> At 03:00 PM 2/1/2006, you wrote: >The trouble with making changes in the 50_scores.cf is that the change >will be overwrittent whenever SA is updated. I should be able to place >'overrides' in the spam.assassin.prefs.conf file as the documentation >states and have them override the defaults. Hello Richard, I looked back at the threads for this post after I saw something very spammy and pornographic (even spelled correctly!) slip by my server last night and it was due to the ALL_TRUSTED rule as well. Is that what happened to you? Where are the guts of what is triggering ALL_TRUSTED? I don't have any trusted_networks defined in my configs that I know of, nor have seen since hunting through configs for this. Thanks, Glenn From glenn.steen at gmail.com Wed Feb 1 20:57:41 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Feb 1 20:57:45 2006 Subject: ALL_TRUSTED problems In-Reply-To: <6.2.3.4.0.20060201153641.09c37af8@mxt.1bigthink.com> References: <6.2.3.4.0.20060201153641.09c37af8@mxt.1bigthink.com> Message-ID: <223f97700602011257t35f95c96p@mail.gmail.com> On 01/02/06, dnsadmin 1bigthink.com wrote: > At 03:00 PM 2/1/2006, you wrote: > > >The trouble with making changes in the 50_scores.cf is that the change > >will be overwrittent whenever SA is updated. I should be able to place > >'overrides' in the spam.assassin.prefs.conf file as the documentation > >states and have them override the defaults. > > Hello Richard, > > I looked back at the threads for this post after I saw something very > spammy and pornographic (even spelled correctly!) slip by my server > last night and it was due to the ALL_TRUSTED rule as well. Is that > what happened to you? > > Where are the guts of what is triggering ALL_TRUSTED? Hi Glenn, The "guts" are in spamassassin, of course... Matt Kettler has covered this extensively on this list in the past (how it works, what it is and what to do about it getting misdetected)... Pehraps one of those would turn up if you search the list archives (on gmane) for kettler and trusted_path:-). > I don't have any trusted_networks defined in my configs that I know > of, nor have seen since hunting through configs for this. You should set trusted_networks to your mailservers IP addresses (or network). IIRC this is suggested in spam.assassin.prefs.conf / mailscanner.cf .... > Thanks, > Glenn > -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From Edge at twu.ca Wed Feb 1 20:58:02 2006 From: Edge at twu.ca (Richard Edge) Date: Wed Feb 1 20:57:56 2006 Subject: ALL_TRUSTED problems Message-ID: Yes, this is part of the problem. I am noticing a number of messages that are spam and would be identified as such and quarantined. The ALL_TRUSTED -1.80 score being the one that makes the difference in these cases. My installation on both gateways is acting exactly the same. Both installations were done eaxclty the same way using the MailScaner RPM install.sh installation script in evey case on RHEL 3 Update 6. The directories and configuation file locations is the same as the default RPM installation. The mailscanner.cf file is in the /etc/mail/spamassassin directory as a link to /etc/MailScanner/spam.assassin.prefs.conf. My MailScanner.conf file is in /etc/MailScanner. For Glen: I posted the output of spamasassin --lint in a message sent this morning at 8:26 AM. Richard Edge Senior Systems Administrator | Technology Services Trinity Western University | t: 604.513.2089 f: 604.513.2038 | e: edge twu.ca| www.twu.ca/technology -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of dnsadmin 1bigthink.com Sent: Wednesday, February 01, 2006 12:40 PM To: MailScanner discussion Subject: RE: ALL_TRUSTED problems At 03:00 PM 2/1/2006, you wrote: >The trouble with making changes in the 50_scores.cf is that the change >will be overwrittent whenever SA is updated. I should be able to place >'overrides' in the spam.assassin.prefs.conf file as the documentation >states and have them override the defaults. Hello Richard, I looked back at the threads for this post after I saw something very spammy and pornographic (even spelled correctly!) slip by my server last night and it was due to the ALL_TRUSTED rule as well. Is that what happened to you? Where are the guts of what is triggering ALL_TRUSTED? I don't have any trusted_networks defined in my configs that I know of, nor have seen since hunting through configs for this. Thanks, Glenn -- MailScanner mailing list MailScanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From lhaig at haigmail.com Wed Feb 1 20:59:30 2006 From: lhaig at haigmail.com (Lance Haig) Date: Wed Feb 1 20:59:33 2006 Subject: Downloading the latest update :-) Message-ID: <43E12132.5060402@haigmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have one question though. Is it easier to download the SA clam package from Julians site to update clam or would it be better to just update clam from the clam site? I don't want to lose the clamavmodule part of the install as I have had problems installing it in the past. I have SA 3.1 and Clamav 87 on suse 9.3 Thanks Lance -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFD4SEyM4kHBIBZ61gRAjV3AKCXhy4sgKFH9TTlteH98BVAeYEVMQCfRYwU dWfK4YybBM96+YPocrtwQr0= =g9xQ -----END PGP SIGNATURE----- From timgrooms at noacon.com Wed Feb 1 21:06:11 2006 From: timgrooms at noacon.com (Tim Grooms) Date: Wed Feb 1 21:03:51 2006 Subject: Having trouble with mqueue.in Message-ID: <43E122C3.20705@noacon.com> Installed MailScanner-4.50.14-1 and ClamAV/SpamAssassin today from the rpm files MailScanner-4.50.14-1.rpm.tar.gz and install-Clam-SA.tar.gz Everything seemed to work fine in the installs. Ran upgrade_MailScanner_conf and upgrade_languages.conf and those seemed to go ok as well. I am using Fedora Core 4 and sendmail. I cannot get incoming mail to come through and get the following when trying to start MailScanner: --------------------------------------------------------------------------------------------------------- [root@www log]# service MailScanner start Starting MailScanner daemons: incoming sendmail: Warning: Option: AuthOptions requires SASL support (-DSASL) /): No such file or directoryspool/mqueue.in [OK] outgoing sendmail: Warning: Option: AuthOptions requires SASL support (-DSASL) [OK] MailScanner [OK] [root@www log]# ---------------------------------------------------------------------------------------------------------- There are no errors in the maillog file everything appears to start normally. I have checked the folders and permissions in /var/spool and all seems OK there as well as the path in MailScanner.conf to both incoming and outgoing queues. Any suggestions? I'm stumped. Thanks. From glenn.steen at gmail.com Wed Feb 1 21:06:05 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Feb 1 21:06:10 2006 Subject: ALL_TRUSTED problems In-Reply-To: <223f97700602011257t35f95c96p@mail.gmail.com> References: <6.2.3.4.0.20060201153641.09c37af8@mxt.1bigthink.com> <223f97700602011257t35f95c96p@mail.gmail.com> Message-ID: <223f97700602011306w6bda9bfbi@mail.gmail.com> On 01/02/06, Glenn Steen wrote: > On 01/02/06, dnsadmin 1bigthink.com wrote: > > At 03:00 PM 2/1/2006, you wrote: > > > > >The trouble with making changes in the 50_scores.cf is that the change > > >will be overwrittent whenever SA is updated. I should be able to place > > >'overrides' in the spam.assassin.prefs.conf file as the documentation > > >states and have them override the defaults. > > > > Hello Richard, > > > > I looked back at the threads for this post after I saw something very > > spammy and pornographic (even spelled correctly!) slip by my server > > last night and it was due to the ALL_TRUSTED rule as well. Is that > > what happened to you? > > > > Where are the guts of what is triggering ALL_TRUSTED? > Hi Glenn, > > The "guts" are in spamassassin, of course... Matt Kettler has covered > this extensively on this list in the past (how it works, what it is > and what to do about it getting misdetected)... Pehraps one of those > would turn up if you search the list archives (on gmane) for kettler > and trusted_path:-). > > > I don't have any trusted_networks defined in my configs that I know > > of, nor have seen since hunting through configs for this. > > You should set trusted_networks to your mailservers IP addresses (or network). > IIRC this is suggested in spam.assassin.prefs.conf / mailscanner.cf .... > > > Thanks, > > Glenn > > > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > Here's a link to one (with Jules reply... First hit, and I'm too lazy to find the original:-): http://article.gmane.org/gmane.mail.virus.mailscanner/26152/match=kettler+trust+path -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From MailScanner at ecs.soton.ac.uk Wed Feb 1 21:15:16 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Feb 1 21:15:22 2006 Subject: Cannot install DBI with MS 4.50.14 In-Reply-To: <20060201182512.GA30959@gbcomputers.com> References: <20060201182512.GA30959@gbcomputers.com> Message-ID: <43E124E4.6070907@ecs.soton.ac.uk> Do perl -MCPAN -e shell install Storable quit Make sure it doesn't start upgrading your entire Perl installation, thump Ctrl-C like crazy if it does! Then try running the install.sh again. Gregg Berkholtz wrote: > It appears I cant install DBI as I'm getting the following error after running > MailScanner's install.sh on a Debian 3.0 system. Any assistance is greatly > appreciated: > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed Feb 1 21:23:08 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Feb 1 21:23:10 2006 Subject: Fwd: SQLite and postfix... In-Reply-To: <223f97700602011216x753fafccx@mail.gmail.com> References: <223f97700602010923w68b73106l@mail.gmail.com> <223f97700602011216x753fafccx@mail.gmail.com> Message-ID: <43E126BC.3020108@ecs.soton.ac.uk> Glenn Steen wrote: > ---------- Forwarded message ---------- > From: Glenn Steen > Date: 01-Feb-2006 18:23 > Subject: SQLite and postfix... > To: MailScanner@lists.mailscanner.info > > > Just a note, if this hasn't been covered already: > > Updated to the latest stable (4.50.14) on my prod machine running > postfix...It's a Mdv 10.2, so I used that rpm method. > > Apparantly the SQLite db got created during install, with only user rw > perms... and a "non-postfix" user. This made MailScanner loop during > startup (all the children died immediately). Running --debug > complained about line 172 in SA.pm, which happen to be an operation on > the SQLite, so ... eventually led me right:-). > > Simple fix is to remove the file > /var/spool/MailScanner/incoming/SpamAssassin.cache.db and do "service > MailScanner restart" ... and a pristine file with the correect > perms/owner get created. One could've just changed the owner, of > course:-). > > Other than that, it looks to be _really_ nice... and fast. The db file shouldn't be created by the installation. Are you sure you didn't run it at all before setting the Run As User? Glad to hear it is faster :-) -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Wed Feb 1 21:27:33 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Feb 1 21:27:37 2006 Subject: ALL_TRUSTED problems In-Reply-To: References: Message-ID: <223f97700602011327r168daca0n@mail.gmail.com> On 01/02/06, Richard Edge wrote: (snip) > For Glen: > I posted the output of spamasassin --lint in a message sent this morning > at 8:26 AM. Ooops, sorry! Missed it earlier (have had quite a day, trying to squeeze in a MailScaner update into an already overfull schedule (a lot of VPN tomfoolery.... and laptops... and meetings...Sheez, I'm a _server_ type of guy:-). Ok, assuming the output for the postfix user is (as you say) the same as for the root and apache users... This really _is_ strange. If you use od -oc on the mailscanner.cf, do you see any stray .... non-printable characters or somesuch? If you intriduce an error into the file and then lint it, does that show? Just add an unknown (by SA) string... If not, something makes SA abandon the file silently... Which sound pretty unlikely, now doesn't it? -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From MailScanner at ecs.soton.ac.uk Wed Feb 1 21:33:48 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Feb 1 21:33:52 2006 Subject: Downloading the latest update :-) In-Reply-To: <43E12132.5060402@haigmail.com> References: <43E12132.5060402@haigmail.com> Message-ID: <43E1293C.5020503@ecs.soton.ac.uk> Lance Haig wrote: > Is it easier to download the SA clam package from Julians site to update > clam or would it be better to just update clam from the clam site? > > I don't want to lose the clamavmodule part of the install as I have had > problems installing it in the past. > > I have SA 3.1 and Clamav 87 on suse 9.3 > I would do my package. It will upgrade Clam then rebuild Mail::ClamAV and link it against the Clam it just built. More reliable in my view. I don't like building perl modules that call C libraries without knowing I had the latest C library when it was linked together. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed Feb 1 21:36:36 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Feb 1 21:36:39 2006 Subject: Having trouble with mqueue.in In-Reply-To: <43E122C3.20705@noacon.com> References: <43E122C3.20705@noacon.com> Message-ID: <43E129E4.1040304@ecs.soton.ac.uk> Tim Grooms wrote: > Installed MailScanner-4.50.14-1 and ClamAV/SpamAssassin today from the > rpm files > MailScanner-4.50.14-1.rpm.tar.gz and > install-Clam-SA.tar.gz > > Everything seemed to work fine in the installs. Ran > upgrade_MailScanner_conf and > upgrade_languages.conf and those seemed to go ok as well. > > I am using Fedora Core 4 and sendmail. I cannot get incoming mail to > come through and get > the following when trying to start MailScanner: > > --------------------------------------------------------------------------------------------------------- > > > [root@www log]# service MailScanner start > Starting MailScanner daemons: > incoming sendmail: Warning: Option: AuthOptions requires > SASL support (-DSASL) Look for AuthOptions in /etc/mail/sendmail.cf. Try commenting it out completely. > /): No such file or directoryspool/mqueue.in Did it really say that? If so, you've screwed up /var/spool/mqueue.in somewhere. Check it printed exactly this. You should have a /var/spool/mqueue.in directory with the same permissions as /var/spool/mqueue. > > [OK] > outgoing sendmail: Warning: Option: AuthOptions requires > SASL support (-DSASL) > > [OK] > MailScanner > [OK] > [root@www log]# > > ---------------------------------------------------------------------------------------------------------- > > > There are no errors in the maillog file everything appears to start > normally. I have checked the > folders and permissions in /var/spool and all seems OK there as well > as the path in > MailScanner.conf to both incoming and outgoing queues. > > Any suggestions? I'm stumped. > > Thanks. > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From campbell at cnpapers.com Wed Feb 1 21:37:44 2006 From: campbell at cnpapers.com (Steve Campbell) Date: Wed Feb 1 21:37:52 2006 Subject: Beta to latest stable suggestions Message-ID: <002301c62777$bc980a30$0705000a@DDF5DW71> I had installed the 4.50-12 Beta last week to get the latest configuration file changes. Is there any reason to upgrade to the latest stable? Should I have changed the "Minimum Supported Status" in the conf file to 'Beta' for the Beta release, and what are the results of not doing so if I should have changed this? Thanks. Steve Campbell campbell@cnpapers.com Charleston Newspapers From dcurtisathome at hotmail.com Wed Feb 1 21:42:22 2006 From: dcurtisathome at hotmail.com (David Curtis) Date: Wed Feb 1 21:42:26 2006 Subject: Problems starting after upgrading to 4.50.14 Message-ID: I am getting an error now since I upgraded: service MailScanner start Starting MailScanner daemons: incoming postfix: [ OK ] outgoing postfix: [ OK ] MailScanner: In Debugging mode, not forking... Can't call method "do" on an undefined value at /usr/lib/MailScanner/MailScanner/SA.pm line 172. This is the same problem Glenn talked about, but my problem is that there is no "/var/spool/MailScanner/incoming/SpamAssassin.cache.db" file. Any idea's would be very helpfull. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060201/bab70001/attachment.html From lhaig at haigmail.com Wed Feb 1 21:43:41 2006 From: lhaig at haigmail.com (Lance Haig) Date: Wed Feb 1 21:43:44 2006 Subject: Downloading the latest update :-) In-Reply-To: <43E1293C.5020503@ecs.soton.ac.uk> References: <43E12132.5060402@haigmail.com> <43E1293C.5020503@ecs.soton.ac.uk> Message-ID: <43E12B8D.20002@haigmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Julian, Thanks I will do that I was worried that it would break SA or something Lance Julian Field wrote: > Lance Haig wrote: >> Is it easier to download the SA clam package from Julians site to update >> clam or would it be better to just update clam from the clam site? >> >> I don't want to lose the clamavmodule part of the install as I have had >> problems installing it in the past. >> >> I have SA 3.1 and Clamav 87 on suse 9.3 >> > I would do my package. It will upgrade Clam then rebuild Mail::ClamAV > and link it against the Clam it just built. > More reliable in my view. > > I don't like building perl modules that call C libraries without knowing > I had the latest C library when it was linked together. > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFD4SuNM4kHBIBZ61gRAhoiAJ4hN8l7Vl1PUJepZ5TLhUYhHtRoMACeLSqI NtQQpzFnN5dPc7mf17WO7UE= =feTX -----END PGP SIGNATURE----- From glenn.steen at gmail.com Wed Feb 1 21:46:21 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Feb 1 21:46:24 2006 Subject: Fwd: SQLite and postfix... In-Reply-To: <43E126BC.3020108@ecs.soton.ac.uk> References: <223f97700602010923w68b73106l@mail.gmail.com> <223f97700602011216x753fafccx@mail.gmail.com> <43E126BC.3020108@ecs.soton.ac.uk> Message-ID: <223f97700602011346p327e1b06y@mail.gmail.com> On 01/02/06, Julian Field wrote: > Glenn Steen wrote: > > ---------- Forwarded message ---------- > > From: Glenn Steen > > Date: 01-Feb-2006 18:23 > > Subject: SQLite and postfix... > > To: MailScanner@lists.mailscanner.info > > > > > > Just a note, if this hasn't been covered already: > > > > Updated to the latest stable (4.50.14) on my prod machine running > > postfix...It's a Mdv 10.2, so I used that rpm method. > > > > Apparantly the SQLite db got created during install, with only user rw > > perms... and a "non-postfix" user. This made MailScanner loop during > > startup (all the children died immediately). Running --debug > > complained about line 172 in SA.pm, which happen to be an operation on > > the SQLite, so ... eventually led me right:-). > > > > Simple fix is to remove the file > > /var/spool/MailScanner/incoming/SpamAssassin.cache.db and do "service > > MailScanner restart" ... and a pristine file with the correect > > perms/owner get created. One could've just changed the owner, of > > course:-). > > > > Other than that, it looks to be _really_ nice... and fast. > The db file shouldn't be created by the installation. Are you sure you > didn't run it at all before setting the Run As User? Yeah, pretty sure. It was an upgrade, not an install... So MailScanner was already set for the postfix user, and yes... I did do the suggested upgrade of conf file (and triple checked with diff and reading the file from top to bottom and --linting) before restarting the MailScanner service and putting in the first message (via telnet)... Immediately noted a few processes, and the message just sat there... So I don't think it was anything like that. I'll probably get to redo the upgrade tomorrow (on the other server), and will be sure to take better notes then. Come to think of it, I might have done a "MailScanner --lint" before upgrading the MailScanner.conf file... It complained about the spurious spam.assassin.prefs.conf line, IIRC... But it should still have switched into "postfix" user, right? Or did that prevent it from using it, then perform the spam cache query ... which then created the bum file? I'll try retrace my steps tomorrow and see what gives. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From lhaig at haigmail.com Wed Feb 1 21:50:38 2006 From: lhaig at haigmail.com (Lance Haig) Date: Wed Feb 1 21:50:42 2006 Subject: Downloading the latest update :-) In-Reply-To: <43E1293C.5020503@ecs.soton.ac.uk> References: <43E12132.5060402@haigmail.com> <43E1293C.5020503@ecs.soton.ac.uk> Message-ID: <43E12D2E.2070106@haigmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have an error in my Mailscanner --lint command mailhost:~ # MailScanner --lint Possible syntax error on line 19 of /etc/MailScanner/filename.rules.conf at /usr/lib/MailScanner/MailScanner/Config.pm line 1274 Remember to separate fields with tab characters! at /usr/lib/MailScanner/MailScanner/Config.pm line 1276 Read 710 hostnames from the phishing whitelist Config: calling custom init function SQLBlacklist Config: calling custom init function MailWatchLogging Config: calling custom init function SQLWhitelist Checking SpamAssassin errors (if you use it), this may take some time... Using SpamAssassin results cache Connected to SpamAssassin cache database SpamAssassin reported no errors. MailScanner.conf says "Virus Scanners = clamavmodule bitdefender" Found these virus scanners installed: bitdefender, clamavmodule I have checked the file and all fields are seperated by tabs so I am a bit confused. Can anyone shed some light? Lance Julian Field wrote: > Lance Haig wrote: >> Is it easier to download the SA clam package from Julians site to update >> clam or would it be better to just update clam from the clam site? >> >> I don't want to lose the clamavmodule part of the install as I have had >> problems installing it in the past. >> >> I have SA 3.1 and Clamav 87 on suse 9.3 >> > I would do my package. It will upgrade Clam then rebuild Mail::ClamAV > and link it against the Clam it just built. > More reliable in my view. > > I don't like building perl modules that call C libraries without knowing > I had the latest C library when it was linked together. > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFD4S0uM4kHBIBZ61gRAo16AJ9+FSeWE4cT3skyFhuSjeWalpyhZwCgnVzG nTXWcF/6F/Zl/TNoOzu0iSQ= =35oY -----END PGP SIGNATURE----- From dnsadmin at 1bigthink.com Wed Feb 1 21:51:48 2006 From: dnsadmin at 1bigthink.com (dnsadmin 1bigthink.com) Date: Wed Feb 1 21:52:05 2006 Subject: ALL_TRUSTED problems In-Reply-To: <223f97700602011306w6bda9bfbi@mail.gmail.com> References: <6.2.3.4.0.20060201153641.09c37af8@mxt.1bigthink.com> <223f97700602011257t35f95c96p@mail.gmail.com> <223f97700602011306w6bda9bfbi@mail.gmail.com> Message-ID: <6.2.3.4.0.20060201163854.061d99b0@mxt.1bigthink.com> At 04:06 PM 2/1/2006, you wrote: >On 01/02/06, Glenn Steen wrote: > > On 01/02/06, dnsadmin 1bigthink.com wrote: > > > At 03:00 PM 2/1/2006, you wrote: > > > > > > >The trouble with making changes in the 50_scores.cf is that the change > > > >will be overwrittent whenever SA is updated. I should be able to place > > > >'overrides' in the spam.assassin.prefs.conf file as the documentation > > > >states and have them override the defaults. > > > > > > Hello Richard, > > > > > > I looked back at the threads for this post after I saw something very > > > spammy and pornographic (even spelled correctly!) slip by my server > > > last night and it was due to the ALL_TRUSTED rule as well. Is that > > > what happened to you? > > > > > > Where are the guts of what is triggering ALL_TRUSTED? > > Hi Glenn, > > > > The "guts" are in spamassassin, of course... Matt Kettler has covered > > this extensively on this list in the past (how it works, what it is > > and what to do about it getting misdetected)... Pehraps one of those > > would turn up if you search the list archives (on gmane) for kettler > > and trusted_path:-). > > > > > I don't have any trusted_networks defined in my configs that I know > > > of, nor have seen since hunting through configs for this. > > > > You should set trusted_networks to your mailservers IP addresses > (or network). > > IIRC this is suggested in spam.assassin.prefs.conf / mailscanner.cf .... > > > > > Thanks, > > > Glenn > > > > > -- > > -- Glenn > > email: glenn < dot > steen < at > gmail < dot > com > > work: glenn < dot > steen < at > ap1 < dot > se > > >Here's a link to one (with Jules reply... First hit, and I'm too lazy >to find the original:-): >http://article.gmane.org/gmane.mail.virus.mailscanner/26152/match=kettler+trust+path > >-- Thanks Glenn, I read the whole thread dated 03/08- 03/10/2005. I still don't see the resolution. I am not NAt'd. I am not gatewayed. I am cleared by my ISP to answer direct DNS PTR. I love Sprint, by the way! Nor do I see why this was all of a sudden a factor on my server, when I can't say that it has been in the past. Could I have missed it? It is possible, since I have Dynamic DNS customers on a Verizon network, and the IP neighborhood was close on this nasty spam, that SA was making an educated guess? I've been sitting on MailScanner version 4.41.3 for quite some time and was preparing to upgrade this weekend. Thanks, Glenn Parsons From timgrooms at noacon.com Wed Feb 1 21:54:41 2006 From: timgrooms at noacon.com (Tim Grooms) Date: Wed Feb 1 21:52:20 2006 Subject: Having trouble with mqueue.in In-Reply-To: <43E129E4.1040304@ecs.soton.ac.uk> References: <43E122C3.20705@noacon.com> <43E129E4.1040304@ecs.soton.ac.uk> Message-ID: <43E12E21.7080002@noacon.com> Julian Field wrote: > > > Tim Grooms wrote: >> Installed MailScanner-4.50.14-1 and ClamAV/SpamAssassin today from >> the rpm files >> MailScanner-4.50.14-1.rpm.tar.gz and >> install-Clam-SA.tar.gz >> >> Everything seemed to work fine in the installs. Ran >> upgrade_MailScanner_conf and >> upgrade_languages.conf and those seemed to go ok as well. >> >> I am using Fedora Core 4 and sendmail. I cannot get incoming mail to >> come through and get >> the following when trying to start MailScanner: >> >> --------------------------------------------------------------------------------------------------------- >> >> >> [root@www log]# service MailScanner start >> Starting MailScanner daemons: >> incoming sendmail: Warning: Option: AuthOptions requires >> SASL support (-DSASL) > Look for AuthOptions in /etc/mail/sendmail.cf. Try commenting it out > completely. Ok, I'll do that next. >> /): No such file or directoryspool/mqueue.in > Did it really say that? If so, you've screwed up /var/spool/mqueue.in > somewhere. Check it printed exactly this. You should have a > /var/spool/mqueue.in directory with the same permissions as > /var/spool/mqueue. Yep, that's exactly what it said and I do have both directorys with the same permissions. When I tell it to stop MailScanner I get the following line: : No such file or directoryne 315: cd: /var/spool/MailScanner/incoming but there is a /var/spool/MailScanner/incoming folder also. I can stop MailScanner and start sendmail and I can receive mail again. But once I stop sendmail and start MailScanner my mail stops coming in again. >> >> [OK] >> outgoing sendmail: Warning: Option: AuthOptions requires >> SASL support (-DSASL) >> >> [OK] >> >> MailScanner >> [OK] >> [root@www log]# >> >> ---------------------------------------------------------------------------------------------------------- >> >> >> There are no errors in the maillog file everything appears to start >> normally. I have checked the >> folders and permissions in /var/spool and all seems OK there as well >> as the path in >> MailScanner.conf to both incoming and outgoing queues. >> >> Any suggestions? I'm stumped. >> >> Thanks. >> > Thanks for the help. Tim From gregg at gbcomputers.com Wed Feb 1 22:04:12 2006 From: gregg at gbcomputers.com (Gregg Berkholtz) Date: Wed Feb 1 22:04:16 2006 Subject: Cannot install DBI with MS 4.50.14 In-Reply-To: <43E124E4.6070907@ecs.soton.ac.uk> References: <20060201182512.GA30959@gbcomputers.com> <43E124E4.6070907@ecs.soton.ac.uk> Message-ID: <20060201220412.GA10311@gbcomputers.com> Thanks for the response, but it still appears to fail. The Storable install went well, with the final messages being: /usr/bin/make -- OK /usr/bin/make test -- OK /usr/bin/make install -- OK install.sh does report "Good, you appear to only have 1 copy of Perl installed: /usr/bin/perl", and it appears the install.sh is looking for storable in /usr/local/... An ls of the Storables folder: Apr 25 2002 Storable.bs Apr 25 2002 Storable.so Apr 25 2002 _freeze.al Apr 25 2002 _retrieve.al Apr 25 2002 _store.al Apr 25 2002 _store_fd.al Apr 25 2002 autosplit.ix Apr 25 2002 fd_retrieve.al Apr 25 2002 freeze.al Apr 25 2002 lock_nstore.al Apr 25 2002 lock_retrieve.al Apr 25 2002 lock_store.al Apr 25 2002 nfreeze.al Apr 25 2002 nstore.al Apr 25 2002 nstore_fd.al Apr 25 2002 retrieve.al Apr 25 2002 store.al Apr 25 2002 store_fd.al Apr 25 2002 thaw.al Shouldn't those files be more current? Running ./install.sh afterwards reports these errors: "... Attempting to build and install DBI-1.50 Unpacking perl-tar/DBI-1.50.tar.gz Do not worry too much about errors from the next command. It is quite likely that some of the Perl modules are already installed on your system. The important ones are HTML-Parser and MIME-tools. ************************************************************************** Perl versions below 5.6.1 are no longer supported by the DBI. Perl versions 5.6.x may fail during installation with a complaint about the use of =head3 in the pod documentation. Press return to continue... ************************************************************************** *** Note: The optional PlRPC-modules (RPC::PlServer etc) are not installed. If you want to use the DBD::Proxy driver and DBI::ProxyServer modules, then you'll need to install the RPC::PlServer, RPC::PlClient, Storable and Net::Daemon modules. The CPAN Bundle::DBI may help you. You can install them any time after installing the DBI. You do *not* need these modules for typical DBI usage. Optional modules are available from any CPAN mirror, in particular http://search.cpan.org/ http://www.perl.com/CPAN/modules/by-module http://www.perl.org/CPAN/modules/by-module ftp://ftp.funet.fi/pub/languages/perl/CPAN/modules/by-module Creating DBI::PurePerl test variant: t/zvpp_01basics.t Creating DBI::PurePerl test variant: t/zvpp_02dbidrv.t Creating DBI::PurePerl test variant: t/zvpp_03handle.t Creating DBI::PurePerl test variant: t/zvpp_04mods.t Creating DBI::PurePerl test variant: t/zvpp_05thrclone.t Creating DBI::PurePerl test variant: t/zvpp_06attrs.t Creating DBI::PurePerl test variant: t/zvpp_07kids.t Creating DBI::PurePerl test variant: t/zvpp_08keeperr.t Creating DBI::PurePerl test variant: t/zvpp_09trace.t Creating DBI::PurePerl test variant: t/zvpp_10examp.t Creating DBI::PurePerl test variant: t/zvpp_11fetch.t Creating DBI::PurePerl test variant: t/zvpp_14utf8.t Creating DBI::PurePerl test variant: t/zvpp_15array.t Creating DBI::PurePerl test variant: t/zvpp_20meta.t Creating DBI::PurePerl test variant: t/zvpp_30subclass.t Creating DBI::PurePerl test variant: t/zvpp_40profile.t Creating DBI::PurePerl test variant: t/zvpp_41prof_dump.t Creating DBI::PurePerl test variant: t/zvpp_42prof_data.t Creating DBI::PurePerl test variant: t/zvpp_43profenv.t Creating DBI::PurePerl test variant: t/zvpp_50dbm.t Creating DBI::PurePerl test variant: t/zvpp_60preparse.t Creating DBI::PurePerl test variant: t/zvpp_70callbacks.t Creating DBI::PurePerl test variant: t/zvpp_72childhandles.t Creating DBI::PurePerl test variant: t/zvpp_80proxy.t Checking if your kit is complete... Looks good I see you're using perl 5.006001 on i386-linux, okay. Remember to actually *read* the README file! Use 'make' to build the software (dmake or nmake on Windows). Then 'make test' to execute self tests. Then 'make install' to install the DBI and then delete this working directory before unpacking and building any DBD::* drivers. Writing Makefile for DBI /usr/bin/perl "-MExtUtils::Command" -e mkpath blib/lib/DBI rm -f blib/lib/DBI/Changes.pm cp Changes blib/lib/DBI/Changes.pm /usr/bin/perl "-MExtUtils::Command" -e mkpath blib/lib/DBI rm -f blib/lib/DBI/Roadmap.pm cp Roadmap.pod blib/lib/DBI/Roadmap.pm cp Driver_xst.h blib/arch/auto/DBI/Driver_xst.h cp lib/DBI/ProfileDumper.pm blib/lib/DBI/ProfileDumper.pm cp Roadmap.pod blib/lib/Roadmap.pod cp DBIXS.h blib/arch/auto/DBI/DBIXS.h cp lib/DBI/DBD/Metadata.pm blib/lib/DBI/DBD/Metadata.pm cp lib/DBD/NullP.pm blib/lib/DBD/NullP.pm cp dbipport.h blib/arch/auto/DBI/dbipport.h cp dbd_xsh.h blib/arch/auto/DBI/dbd_xsh.h cp lib/DBI/Const/GetInfoReturn.pm blib/lib/DBI/Const/GetInfoReturn.pm cp lib/DBI/Const/GetInfo/ANSI.pm blib/lib/DBI/Const/GetInfo/ANSI.pm cp lib/DBI/PurePerl.pm blib/lib/DBI/PurePerl.pm cp lib/DBI/Profile.pm blib/lib/DBI/Profile.pm cp lib/DBI/SQL/Nano.pm blib/lib/DBI/SQL/Nano.pm cp lib/DBD/File.pm blib/lib/DBD/File.pm cp DBI.pm blib/lib/DBI.pm cp lib/DBD/DBM.pm blib/lib/DBD/DBM.pm cp lib/DBI/FAQ.pm blib/lib/DBI/FAQ.pm cp lib/DBD/ExampleP.pm blib/lib/DBD/ExampleP.pm cp lib/Bundle/DBI.pm blib/lib/Bundle/DBI.pm cp lib/Win32/DBIODBC.pm blib/lib/Win32/DBIODBC.pm cp lib/DBI/W32ODBC.pm blib/lib/DBI/W32ODBC.pm cp dbivport.h blib/arch/auto/DBI/dbivport.h cp lib/DBI/DBD.pm blib/lib/DBI/DBD.pm cp lib/DBI/ProfileData.pm blib/lib/DBI/ProfileData.pm cp lib/DBD/Proxy.pm blib/lib/DBD/Proxy.pm cp lib/DBI/ProxyServer.pm blib/lib/DBI/ProxyServer.pm cp lib/DBI/Const/GetInfoType.pm blib/lib/DBI/Const/GetInfoType.pm cp dbi_sql.h blib/arch/auto/DBI/dbi_sql.h cp lib/DBI/ProfileDumper/Apache.pm blib/lib/DBI/ProfileDumper/Apache.pm cp Driver.xst blib/arch/auto/DBI/Driver.xst cp lib/DBI/Const/GetInfo/ODBC.pm blib/lib/DBI/Const/GetInfo/ODBC.pm cp lib/DBD/Sponge.pm blib/lib/DBD/Sponge.pm /usr/bin/perl -p -e "s/~DRIVER~/Perl/g" ./Driver.xst > Perl.xsi /usr/bin/perl /usr/share/perl/5.6.1/ExtUtils/xsubpp -typemap /usr/share/perl/5.6.1/ExtUtils/typemap -typemap typemap Perl.xs > Perl.xsc && mv Perl.xsc Perl.c cc -c -DDEBIAN -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -O2 -DVERSION=\"1.50\" -DXS_VERSION=\"1.50\" -fPIC "-I/usr/lib/perl/5.6.1/CORE" -W -Wall -Wpointer-arith -Wbad-function-cast -Wno-comment -Wno-sign-compare -Wno-cast-qual -DDBI_NO_THREADS Perl.c Perl.xs: In function `dbd_st_rows': Perl.xs:39: warning: unused parameter `h' Perl.c: In function `XS_DBD__Perl__dr_data_sources': Perl.c:84: warning: unused parameter `cv' Perl.c: In function `XS_DBD__Perl__db__login': Perl.c:119: warning: unused parameter `cv' Perl.c: In function `XS_DBD__Perl__db_selectall_arrayref': Perl.c:153: warning: unused parameter `cv' Perl.c: In function `XS_DBD__Perl__db_do': Perl.c:273: warning: unused parameter `cv' Perl.c: In function `XS_DBD__Perl__db_last_insert_id': Perl.c:310: warning: unused parameter `cv' Perl.c: In function `XS_DBD__Perl__db_commit': Perl.c:339: warning: unused parameter `cv' Perl.c: In function `XS_DBD__Perl__db_rollback': Perl.c:356: warning: unused parameter `cv' Perl.c: In function `XS_DBD__Perl__db_disconnect': Perl.c:373: warning: unused parameter `cv' Perl.c: In function `XS_DBD__Perl__db_STORE': Perl.c:406: warning: unused parameter `cv' Perl.c: In function `XS_DBD__Perl__db_FETCH': Perl.c:428: warning: unused parameter `cv' Perl.c: In function `XS_DBD__Perl__db_DESTROY': Perl.c:447: warning: unused parameter `cv' Perl.c: In function `XS_DBD__Perl__db_take_imp_data': Perl.c:506: warning: unused parameter `cv' Perl.c: In function `XS_DBD__Perl__st__prepare': Perl.c:568: warning: unused parameter `cv' Perl.c: In function `XS_DBD__Perl__st_bind_col': Perl.c:620: warning: unused parameter `cv' Perl.c: In function `XS_DBD__Perl__st_bind_param': Perl.c:671: warning: unused parameter `cv' Perl.c: In function `XS_DBD__Perl__st_bind_param_inout': Perl.c:713: warning: unused parameter `cv' Perl.c: In function `XS_DBD__Perl__st_execute': Perl.c:761: warning: unused parameter `cv' Perl.c: In function `XS_DBD__Perl__st_execute_for_fetch': Perl.c:795: warning: unused parameter `cv' Perl.c: In function `XS_DBD__Perl__st_fetchall_arrayref': Perl.c:868: warning: unused parameter `cv' Perl.c: In function `XS_DBD__Perl__st_finish': Perl.c:901: warning: unused parameter `cv' Perl.c: In function `XS_DBD__Perl__st_blob_read': Perl.c:931: warning: unused parameter `cv' Perl.c: In function `XS_DBD__Perl__st_STORE': Perl.c:969: warning: unused parameter `cv' Perl.c: In function `XS_DBD__Perl__st_DESTROY': Perl.c:1013: warning: unused parameter `cv' Perl.c: In function `boot_DBD__Perl': Perl.c:1064: warning: unused parameter `cv' Perl.c: At top level: dbipport.h:529: warning: `my_sv_2pvbyte' defined but not used /usr/bin/perl /usr/share/perl/5.6.1/ExtUtils/xsubpp -typemap /usr/share/perl/5.6.1/ExtUtils/typemap -typemap typemap DBI.xs > DBI.xsc && mv DBI.xsc DBI.c cc -c -DDEBIAN -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -O2 -DVERSION=\"1.50\" -DXS_VERSION=\"1.50\" -fPIC "-I/usr/lib/perl/5.6.1/CORE" -W -Wall -Wpointer-arith -Wbad-function-cast -Wno-comment -Wno-sign-compare -Wno-cast-qual -DDBI_NO_THREADS DBI.c DBI.xs: In function `dbih_clearcom': DBI.xs:1183: warning: unused variable `Perl___notused' DBI.xs: In function `dbih_get_fbav': DBI.xs:1332: warning: unused variable `Perl___notused' DBI.xs: In function `dbih_set_attr_k': DBI.xs:1514: warning: unused variable `Perl___notused' DBI.xs:1416: warning: unused variable `Perl___notused' DBI.xs: In function `dbih_get_attr_k': DBI.xs:1654: warning: unused variable `Perl___notused' DBI.xs: In function `log_where': DBI.xs:2081: warning: unused variable `Perl___notused' DBI.xs: In function `XS_DBI_dispatch': DBI.xs:2971: warning: unused variable `Perl___notused' DBI.c: In function `XS_DBI__install_method': DBI.c:3650: warning: unused parameter `cv' DBI.c: In function `XS_DBI_dbi_time': DBI.c:3833: warning: unused parameter `cv' DBI.c: In function `XS_DBD_____db_preparse': DBI.c:3988: warning: unused parameter `cv' DBI.c: At top level: dbipport.h:529: warning: `my_sv_2pvbyte' defined but not used Running Mkbootstrap for DBI () chmod 644 DBI.bs rm -f blib/arch/auto/DBI/DBI.so cc -shared -L/usr/local/lib DBI.o -o blib/arch/auto/DBI/DBI.so \ \ chmod 755 blib/arch/auto/DBI/DBI.so cp DBI.bs blib/arch/auto/DBI/DBI.bs chmod 644 blib/arch/auto/DBI/DBI.bs /usr/bin/perl "-Iblib/arch" "-Iblib/lib" dbiproxy.PL dbiproxy Extracted dbiproxy from dbiproxy.PL with variable substitutions. cp dbiproxy blib/script/dbiproxy /usr/bin/perl "-MExtUtils::MY" -e "MY->fixin(shift)" blib/script/dbiproxy /usr/bin/perl "-Iblib/arch" "-Iblib/lib" dbiprof.PL dbiprof Extracted dbiprof from dbiprof.PL with variable substitutions. cp dbiprof blib/script/dbiprof /usr/bin/perl "-MExtUtils::MY" -e "MY->fixin(shift)" blib/script/dbiprof Manifying blib/man1/dbiproxy.1p Manifying blib/man1/dbiprof.1p Manifying blib/man3/DBI::ProfileDumper.3pm Manifying blib/man3/Roadmap.3pm Manifying blib/man3/DBI::DBD::Metadata.3pm Manifying blib/man3/DBI::Const::GetInfoReturn.3pm Manifying blib/man3/DBI::Const::GetInfo::ANSI.3pm Manifying blib/man3/DBI::PurePerl.3pm Manifying blib/man3/DBI::Profile.3pm Manifying blib/man3/DBI::SQL::Nano.3pm Manifying blib/man3/DBD::File.3pm Manifying blib/man3/DBD::DBM.3pm Manifying blib/man3/DBI.3pm Manifying blib/man3/DBI::FAQ.3pm Manifying blib/man3/Bundle::DBI.3pm Manifying blib/man3/Win32::DBIODBC.3pm Manifying blib/man3/DBI::W32ODBC.3pm Manifying blib/man3/DBI::DBD.3pm Manifying blib/man3/DBI::ProfileData.3pm Manifying blib/man3/DBD::Proxy.3pm Manifying blib/man3/DBI::ProxyServer.3pm Manifying blib/man3/DBI::Const::GetInfoType.3pm Manifying blib/man3/DBI::ProfileDumper::Apache.3pm Manifying blib/man3/DBD::Sponge.3pm Manifying blib/man3/DBI::Const::GetInfo::ODBC.3pm PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t t/01basics...............ok 4/131 skipped: developer tests t/02dbidrv...............ok t/03handle...............ok t/04mods.................ok t/05thrclone.............skipped all skipped: developer tests t/06attrs................ok t/07kids.................ok t/08keeperr..............ok t/09trace................ok t/10examp................ok t/11fetch................Can't load '/usr/local/lib/site_perl/i386-linux/auto/Storable/Storable.so' for module Storable: /usr/local/lib/site_perl/i386-linux/auto/Storable/Storable.so: undefined symbol: cast_iv at /usr/lib/perl/5.6.1/DynaLoader.pm line 202. at t/11fetch.t line 8 Compilation failed in require at t/11fetch.t line 8. BEGIN failed--compilation aborted at t/11fetch.t line 8. t/11fetch................dubious Test returned status 255 (wstat 65280, 0xff00) t/14utf8.................skipped all skipped: developer tests t/15array................ok t/20meta.................ok t/30subclass.............ok t/40profile..............ok t/41prof_dump............ok t/42prof_data............ok t/43profenv..............ok t/50dbm..................ok t/60preparse.............ok t/70callbacks............ok t/72childhandles.........skipped all skipped: developer tests t/80proxy................skipped all skipped: developer tests t/pod....................skipped all skipped: developer tests t/zvpp_01basics..........ok 6/131 skipped: various reasons t/zvpp_02dbidrv..........ok 10/51 skipped: various reasons t/zvpp_03handle..........ok 76/135 skipped: various reasons t/zvpp_04mods............ok t/zvpp_05thrclone........skipped all skipped: various reasons t/zvpp_06attrs...........ok 7/137 skipped: various reasons t/zvpp_07kids............skipped all skipped: various reasons t/zvpp_08keeperr.........ok t/zvpp_09trace...........ok t/zvpp_10examp...........ok 39/253 skipped: various reasons t/zvpp_11fetch...........Can't load '/usr/local/lib/site_perl/i386-linux/auto/Storable/Storable.so' for module Storable: /usr/local/lib/site_perl/i386-linux/auto/Storable/Storable.so: undefined symbol: cast_iv at /usr/lib/perl/5.6.1/DynaLoader.pm line 202. at t/11fetch.t line 8 Compilation failed in require at t/11fetch.t line 8. BEGIN failed--compilation aborted at t/11fetch.t line 8. ...caught at t/zvpp_11fetch.t line 3. Can't load '/usr/local/lib/site_perl/i386-linux/auto/Storable/Storable.so' for module Storable: /usr/local/lib/site_perl/i386-linux/auto/Storable/Storable.so: undefined symbol: cast_iv at /usr/lib/perl/5.6.1/DynaLoader.pm line 202. at t/11fetch.t line 8 Compilation failed in require at t/11fetch.t line 8. BEGIN failed--compilation aborted at t/11fetch.t line 8. ...caught ...propagated at t/zvpp_11fetch.t line 4. t/zvpp_14utf8............skipped all skipped: various reasons t/zvpp_15array...........ok t/zvpp_20meta............ok t/zvpp_30subclass........ok t/zvpp_40profile.........skipped all skipped: various reasons t/zvpp_41prof_dump.......skipped all skipped: various reasons t/zvpp_42prof_data.......skipped all skipped: various reasons t/zvpp_43profenv.........skipped all skipped: various reasons t/zvpp_50dbm.............ok t/zvpp_60preparse........skipped all skipped: various reasons t/zvpp_70callbacks.......skipped all skipped: various reasons t/zvpp_72childhandles....skipped all skipped: various reasons t/zvpp_80proxy...........skipped all skipped: various reasons Failed Test Stat Wstat Total Fail Failed List of Failed ------------------------------------------------------------------------------- t/11fetch.t 255 65280 ?? ?? % ?? 16 tests and 142 subtests skipped. Failed 1/49 test scripts, 95.92% okay. 0/2156 subtests failed, 100.00% okay. make: *** [test_dynamic] Error 11 ..." On Wed, Feb 01, 2006 at 09:15:16PM +0000, Julian Field wrote: > Do > > perl -MCPAN -e shell > install Storable > quit > > Make sure it doesn't start upgrading your entire Perl installation, > thump Ctrl-C like crazy if it does! > > Then try running the install.sh again. > > Gregg Berkholtz wrote: > >It appears I cant install DBI as I'm getting the following error after > >running > >MailScanner's install.sh on a Debian 3.0 system. Any assistance is greatly > >appreciated: > > From MailScanner at ecs.soton.ac.uk Wed Feb 1 22:06:01 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Feb 1 22:06:04 2006 Subject: Beta to latest stable suggestions In-Reply-To: <002301c62777$bc980a30$0705000a@DDF5DW71> References: <002301c62777$bc980a30$0705000a@DDF5DW71> Message-ID: <43E130C9.6000906@ecs.soton.ac.uk> Steve Campbell wrote: > I had installed the 4.50-12 Beta last week to get the latest > configuration file changes. Is there any reason to upgrade to the > latest stable? If you want to use MailWatch, then yes. There are a few other things too. It will be a painless upgrade. > Should I have changed the "Minimum Supported Status" in the conf file > to 'Beta' for the Beta release, and what are the results of not doing > so if I should have changed this? No, leave that set to Beta or Supported. I'm going to remove that option altogether in the next release, it's worthless now. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed Feb 1 22:07:34 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Feb 1 22:07:36 2006 Subject: Problems starting after upgrading to 4.50.14 In-Reply-To: References: Message-ID: <43E13126.9030206@ecs.soton.ac.uk> David Curtis wrote: > > I am getting an error now since I upgraded: > service MailScanner start > Starting MailScanner daemons: > incoming postfix: [ OK ] > outgoing postfix: [ OK ] > MailScanner: In Debugging mode, not forking... > Can't call method "do" on an undefined value at > /usr/lib/MailScanner/MailScanner/SA.pm line 172. > > This is the same problem Glenn talked about, but my problem is that > there is no "/var/spool/MailScanner/incoming/SpamAssassin.cache.db" > file. Any idea's would be very helpfull. > > Have you change the Incoming Work Dir? It needs to be able to create the SpamAssassin.cache.db file in that directory. I trust SQLite installed okay? Do a MailScanner --version to check. Also do a MailScanner --lint to see if it says anything bad. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ka at pacific.net Wed Feb 1 22:07:56 2006 From: ka at pacific.net (Ken A) Date: Wed Feb 1 22:08:01 2006 Subject: SA cache not expiring entries? In-Reply-To: <1138228032.8413.28.camel@localhost.localdomain> References: <43D7F274.8060300@pacific.net> <1138228032.8413.28.camel@localhost.localdomain> Message-ID: <43E1313C.10506@pacific.net> Steve Freegard wrote: > Hi Ken, > > On Wed, 2006-01-25 at 13:49 -0800, Ken A wrote: > > > Next time, before nuking the database - run analyse_SpamAssassin_cache > and post the output as it will show up any irregularities straight away. MailScanner stopped Expiring entries from the SA cache. This time with 4.50.14. Here's what it looked like. I noticed the incoming queue growing on one MailScanner box. Checked the log for oddities and found this: MailScanner's last successful "Expired records from the SpamAssassin cache" happened about an hour ago (12:30 localtime) Then there's a load of these: "Feb 1 13:31:18 MailScanner[14286]: database or disk is full(1) at dbdimp.c line 398 Feb 1 13:31:18 last message repeated 59 times" The disk is tmpfs, and it's not full. The box is not out of RAM or SWAP. So I checked the size of the SA Cache file: # ls -lh -rw------- 1 root root 5.3M Feb 1 12:31 SpamAssassin.cache.db -rw------- 1 root root 6.6K Feb 1 13:40 SpamAssassin.cache.db-journal 5.3Mb - not that big! So, per your previous email on this, run analyze.... # /usr/sbin/analyze_SpamAssassin_cache DBD::SQLite::db selectrow_hashref failed: database is locked(5) at dbdimp.c line 416 at /usr/sbin/analyze_SpamAssassin_cache line 20. --------- TOTALS --------- Total records: 3251 First seen (oldest): 587347 sec First seen (newest): 3769 sec Last seen (oldest): 587347 sec Last seen (newest): 3745 sec Cache Hit Rate 0% -------- NON-SPAM -------- Total records: 712 First seen (oldest): 5963 sec First seen (newest): 3819 sec Last seen (oldest): 5960 sec Last seen (newest): 3819 sec -------- LOW-SPAM -------- Total records: 60 First seen (oldest): 4481 sec First seen (newest): 3852 sec Last seen (oldest): 4481 sec Last seen (newest): 3852 sec ------- HIGH-SPAM -------- Total records: 2252 First seen (oldest): 294837 sec First seen (newest): 3853 sec Last seen (oldest): 14990 sec Last seen (newest): 3853 sec -------- VIRUSES -------- DBD::SQLite::db selectrow_hashref failed: database is locked(5) at dbdimp.c line 416 at /usr/sbin/analyze_SpamAssassin_cache line 51. Total records: 0 First seen (oldest): 0 sec First seen (newest): 0 sec Last seen (oldest): 0 sec Last seen (newest): 0 sec ----- TOP 5 HASHES ------- DBD::SQLite::st execute failed: database is locked(5) at dbdimp.c line 416 at /usr/sbin/analyze_SpamAssassin_cache line 59. MD5 COUNT FIRST LAST # After running analyze_SpamAssassin_cache I restarted MailScanner and it's again Expiring entries from the Cache and caught up with the incoming queue. During the ~1 hour that MailScanner was having trouble accessing the SA Cache, it did record "SpamAssassin cache hit" for some messages, just not as many as usual (about 50 in an hour instead of several thousand). Google turns up an active bug in DBD::SQLite that may be related. http://rt.cpan.org/Public/Bug/Display.html?id=11680 This has only happened on one of 3 machines, running FC4. Thanks, Ken Anderson Pacific.Net > Cheers, > Steve. > From dcurtisathome at hotmail.com Wed Feb 1 22:15:00 2006 From: dcurtisathome at hotmail.com (David Curtis) Date: Wed Feb 1 22:15:06 2006 Subject: Problems starting after upgrading to 4.50.14 Message-ID: I am getting an error now since I upgraded: service MailScanner start Starting MailScanner daemons: incoming postfix: [ OK ] outgoing postfix: [ OK ] MailScanner: In Debugging mode, not forking... Can't call method "do" on an undefined value at /usr/lib/MailScanner/MailScanner/SA.pm line 172. This is the same problem Glenn talked about, but my problem is that there is no "/var/spool/MailScanner/incoming/SpamAssassin.cache.db" file. Any idea's would be very helpful. If this is a double post...I am sorry, I got an e-mail back saying it was pending review. From mkettler at evi-inc.com Wed Feb 1 22:27:35 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Wed Feb 1 22:27:48 2006 Subject: ALL_TRUSTED problems In-Reply-To: <6.2.3.4.0.20060201163854.061d99b0@mxt.1bigthink.com> References: <6.2.3.4.0.20060201153641.09c37af8@mxt.1bigthink.com> <223f97700602011257t35f95c96p@mail.gmail.com> <223f97700602011306w6bda9bfbi@mail.gmail.com> <6.2.3.4.0.20060201163854.061d99b0@mxt.1bigthink.com> Message-ID: <43E135D7.9060309@evi-inc.com> dnsadmin 1bigthink.com wrote: > > I read the whole thread dated 03/08- 03/10/2005. I still don't see the > resolution. I am not NAt'd. I am not gatewayed. I am cleared by my ISP > to answer direct DNS PTR. I love Sprint, by the way! Nor do I see why > this was all of a sudden a factor on my server, when I can't say that it > has been in the past. Could I have missed it? > > It is possible, since I have Dynamic DNS customers on a Verizon network, > and the IP neighborhood was close on this nasty spam, that SA was making > an educated guess? No. SA doesn't use that kind of smarts. SA more-or-less does the following things when guessing trust path, Starting with the most recent Received: header. ---- If the relay in the "by" clause resolves to a RFC 1918 reserved IP address, trust the node and check the next. If it's not private, trust the host and all others are untrusted. ---- Thus, SA should, by default, trust all servers with private IPs, and the first one with a non-trusted IP. Unless of course there is a trusted_networks declared, in which case SA trusts that. Did you ever get your parsing problem resolved?? This thread is so huge I can't even keep track of it. If not, you need to find out why that isn't working first. The fact that "score ALL_TRUSTED 0" doesn't work implies that your config files are NOT being parsed by spamassassin. That is a a truly major problem with your system if it's still oging on. That's horribly bad. Stop worrying about how ALL_TRUSTED works, and worry about why you can't get SA to honor your configuration. From lhaig at haigmail.com Wed Feb 1 22:37:33 2006 From: lhaig at haigmail.com (Lance Haig) Date: Wed Feb 1 22:37:37 2006 Subject: MS Slow after update to 4.50.14 on suse Message-ID: <43E1382D.8010603@haigmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have a problem after upgrading. My MS is very slow processing mail. I have sent test text messages to the system and they take between 28 to 31 seconds to process here is a snippet of the log Can anyone lead me in the right direction to see why this is so low? Thanks Lance Feb 1 22:56:27 mailhost MailScanner[2384]: New Batch: Found 2 messages waiting Feb 1 22:56:27 mailhost MailScanner[2384]: New Batch: Scanning 1 messages, 2009 bytes Feb 1 22:56:27 mailhost MailScanner[2384]: Spam Checks: Starting Feb 1 22:56:54 mailhost MailScanner[2384]: Virus and Content Scanning: Starting Feb 1 22:56:55 mailhost MailScanner[2384]: Uninfected: Delivered 1 messages Feb 1 22:56:55 mailhost MailScanner[2384]: Batch processed in 27.65 seconds Feb 1 22:56:55 mailhost MailScanner[2384]: Logging message k11MuMV5003084 to SQL Feb 1 22:56:55 mailhost MailScanner[2384]: "Always Looked Up Last" took 0.00 seconds Feb 1 22:56:55 mailhost sendmail[3114]: k11MuMV5003084: to=, delay=00:00:28, xdelay=00:00:00, mailer=esmtp, pri=121508, relay=[194.143.190.32] [194.143.190.32], dsn=2.0.0, stat=Sent (OK) Feb 1 22:56:55 mailhost MailScanner[26335]: k11MuMV5003084: Logged to MailWatch SQL Feb 1 22:56:56 mailhost MailScanner[2292]: Virus and Content Scanning: Starting Feb 1 22:56:58 mailhost MailScanner[2292]: Uninfected: Delivered 1 messages Feb 1 22:56:58 mailhost MailScanner[2292]: Batch processed in 34.43 seconds Feb 1 22:56:58 mailhost MailScanner[2292]: Logging message k11MuM6S003085 to SQL Feb 1 22:56:58 mailhost MailScanner[2292]: "Always Looked Up Last" took 0.00 seconds Feb 1 22:56:58 mailhost MailScanner[26335]: k11MuM6S003085: Logged to MailWatch SQL Feb 1 22:56:59 mailhost sendmail[3122]: k11MuM6S003085: to=, delay=00:00:37, xdelay=00:00:01, mailer=esmtp, pri=121504, relay=[194.143.190.32] [194.143.190.32], dsn=2.0.0, stat=Sent (OK) Feb 1 22:57:18 mailhost sendmail-in[3138]: k11MvIXH003138: from=, size=4772, class=-30, nrcpts=1, msgid=<43E12E21.7080002@noacon.com>, proto=ESMTP, daemon=MTA, relay=bkserver.blacknight.ie [83.98.166.45] Feb 1 22:57:18 mailhost sendmail-in[3138]: k11MvIXH003138: to=, delay=00:00:00, mailer=esmtp, pri=88772, stat=queued Feb 1 22:57:19 mailhost MailScanner[993]: New Batch: Scanning 1 messages, 5347 bytes Feb 1 22:57:19 mailhost MailScanner[993]: Spam Checks: Starting Feb 1 22:57:19 mailhost MailScanner[993]: Looked up unknown string spam in language translation file /etc/MailScanner/reports/en/languages.conf Feb 1 22:57:19 mailhost MailScanner[993]: Looked up unknown string notspam in language translation file /etc/MailScanner/reports/en/languages.conf Feb 1 22:57:19 mailhost MailScanner[993]: Whitelist refresh time reached Feb 1 22:57:19 mailhost MailScanner[993]: Starting up SQL Whitelist Feb 1 22:57:19 mailhost MailScanner[993]: Read 8 whitelist entries Feb 1 22:57:19 mailhost MailScanner[993]: Message k11MvIXH003138 from 83.98.166.45 (mailscanner-bounces@lists.mailscanner.info) is whitelisted Feb 1 22:57:19 mailhost MailScanner[993]: Looked up unknown string mailscanner in language translation file /etc/MailScanner/reports/en/languages.conf Feb 1 22:57:19 mailhost MailScanner[993]: Looked up unknown string unreadablearchive in language translation file /etc/MailScanner/reports/en/languages.conf Feb 1 22:57:19 mailhost MailScanner[993]: Looked up unknown string passwordedarchive in language translation file /etc/MailScanner/reports/en/languages.conf Feb 1 22:57:19 mailhost MailScanner[993]: Looked up unknown string archivetoodeep in language translation file /etc/MailScanner/reports/en/languages.conf Feb 1 22:57:19 mailhost MailScanner[993]: Virus and Content Scanning: Starting Feb 1 22:57:20 mailhost MailScanner[993]: Looked up unknown string mailscanner in language translation file /etc/MailScanner/reports/en/languages.conf Feb 1 22:57:20 mailhost MailScanner[993]: Uninfected: Delivered 1 messages Feb 1 22:57:20 mailhost MailScanner[993]: Batch processed in 1.31 seconds Feb 1 22:57:20 mailhost MailScanner[993]: Logging message k11MvIXH003138 to SQL Feb 1 22:57:20 mailhost MailScanner[993]: "Always Looked Up Last" took 0.00 seconds Feb 1 22:57:20 mailhost MailScanner[26335]: k11MvIXH003138: Logged to MailWatch SQL Feb 1 22:57:20 mailhost sendmail[3147]: k11MvIXH003138: to=, delay=00:00:02, xdelay=00:00:00, mailer=esmtp, pri=178772, relay=[194.143.190.32] [194.143.190.32], dsn=2.0.0, stat=Sent (OK) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFD4TgtM4kHBIBZ61gRAl5TAJsFAHGz9URCWajs26he9H1Hoh/wwACdEBCb 5Z4j4ZIglPaltS4Pw2DeC90= =I1/F -----END PGP SIGNATURE----- From Edge at twu.ca Wed Feb 1 22:52:59 2006 From: Edge at twu.ca (Richard Edge) Date: Wed Feb 1 22:53:20 2006 Subject: ALL_TRUSTED problems Message-ID: If I change the line: Score ALL_TRUSTED 0 To: core ALL_TRUSTED Then the output from "spamassassin -p /etc/mail/mailscanner.cf --lint" gives me a: [22778] warn: config: failed to parse line, skipping: core ALL_TRUSTED 0 [22778] warn: lint: 1 issues detected, please rerun with debug enabled for more information Richard Edge Senior Systems Administrator | Technology Services Trinity Western University | t: 604.513.2089 f: 604.513.2038 | e: edge twu.ca| www.twu.ca/technology -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Glenn Steen Sent: Wednesday, February 01, 2006 1:28 PM To: MailScanner discussion Subject: Re: ALL_TRUSTED problems On 01/02/06, Richard Edge wrote: (snip) > For Glen: > I posted the output of spamasassin --lint in a message sent this > morning at 8:26 AM. Ooops, sorry! Missed it earlier (have had quite a day, trying to squeeze in a MailScaner update into an already overfull schedule (a lot of VPN tomfoolery.... and laptops... and meetings...Sheez, I'm a _server_ type of guy:-). Ok, assuming the output for the postfix user is (as you say) the same as for the root and apache users... This really _is_ strange. If you use od -oc on the mailscanner.cf, do you see any stray .... non-printable characters or somesuch? If you intriduce an error into the file and then lint it, does that show? Just add an unknown (by SA) string... If not, something makes SA abandon the file silently... Which sound pretty unlikely, now doesn't it? -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Wed Feb 1 22:55:48 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Feb 1 22:55:50 2006 Subject: ALL_TRUSTED problems In-Reply-To: <6.2.3.4.0.20060201163854.061d99b0@mxt.1bigthink.com> References: <6.2.3.4.0.20060201153641.09c37af8@mxt.1bigthink.com> <223f97700602011257t35f95c96p@mail.gmail.com> <223f97700602011306w6bda9bfbi@mail.gmail.com> <6.2.3.4.0.20060201163854.061d99b0@mxt.1bigthink.com> Message-ID: <223f97700602011455r1ef28cabw@mail.gmail.com> On 01/02/06, dnsadmin 1bigthink.com wrote: > At 04:06 PM 2/1/2006, you wrote: > > >On 01/02/06, Glenn Steen wrote: > > > On 01/02/06, dnsadmin 1bigthink.com wrote: > > > > At 03:00 PM 2/1/2006, you wrote: > > > > > > > > >The trouble with making changes in the 50_scores.cf is that the change > > > > >will be overwrittent whenever SA is updated. I should be able to place > > > > >'overrides' in the spam.assassin.prefs.conf file as the documentation > > > > >states and have them override the defaults. > > > > > > > > Hello Richard, > > > > > > > > I looked back at the threads for this post after I saw something very > > > > spammy and pornographic (even spelled correctly!) slip by my server > > > > last night and it was due to the ALL_TRUSTED rule as well. Is that > > > > what happened to you? > > > > > > > > Where are the guts of what is triggering ALL_TRUSTED? > > > Hi Glenn, > > > > > > The "guts" are in spamassassin, of course... Matt Kettler has covered > > > this extensively on this list in the past (how it works, what it is > > > and what to do about it getting misdetected)... Pehraps one of those > > > would turn up if you search the list archives (on gmane) for kettler > > > and trusted_path:-). > > > > > > > I don't have any trusted_networks defined in my configs that I know > > > > of, nor have seen since hunting through configs for this. > > > > > > You should set trusted_networks to your mailservers IP addresses > > (or network). > > > IIRC this is suggested in spam.assassin.prefs.conf / mailscanner.cf .... > > > > > > > Thanks, > > > > Glenn > > > > > > > -- > > > -- Glenn > > > email: glenn < dot > steen < at > gmail < dot > com > > > work: glenn < dot > steen < at > ap1 < dot > se > > > > >Here's a link to one (with Jules reply... First hit, and I'm too lazy > >to find the original:-): > >http://article.gmane.org/gmane.mail.virus.mailscanner/26152/match=kettler+trust+path > > > >-- > > Thanks Glenn, > > I read the whole thread dated 03/08- 03/10/2005. I still don't see > the resolution. I am not NAt'd. I am not gatewayed. I am cleared by > my ISP to answer direct DNS PTR. I love Sprint, by the way! Nor do I > see why this was all of a sudden a factor on my server, when I can't > say that it has been in the past. Could I have missed it? Perhaps. Happens o the best (IOW, I've done so myself:-) > It is possible, since I have Dynamic DNS customers on a Verizon > network, and the IP neighborhood was close on this nasty spam, that > SA was making an educated guess? As far as I can understand, the whole trust thing in SA is just that:-). Matt's the expert though, and will perhaps shed some further light on this. But whatever way one looks at it, being specific (and correct) by setting a trusted_networks entry, just can't be wrong. > I've been sitting on MailScanner version 4.41.3 for quite some time > and was preparing to upgrade this weekend. Go for it! The new stable version is well worth the work. If one feels like one needs a mental handhold, there's a pretty nice piece on upgrading in the MAQ. Even good for us "read the manual _after_ the fact" types:-). > Thanks, > Glenn Parsons > -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From Edge at twu.ca Wed Feb 1 23:01:29 2006 From: Edge at twu.ca (Richard Edge) Date: Wed Feb 1 23:03:46 2006 Subject: ALL_TRUSTED problems Message-ID: This is my tinking on this as well since this is much easier to test. As you say if MailScanner is not reading this configuration setting it is also going to ignore the "trusted_networks" setting as well as in my situation here. Oddly if I modify or add an invalid entry, spamasaasin --lint is detecting and issuing an appropriate wanrning about the error. At this point I am pretty much stumped as to what is going wrong here. Richard Edge Senior Systems Administrator | Technology Services Trinity Western University | t: 604.513.2089 f: 604.513.2038 | e: edge@twu.ca | www.twu.ca/technology -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Matt Kettler Sent: Wednesday, February 01, 2006 2:28 PM To: MailScanner discussion Subject: Re: ALL_TRUSTED problems If not, you need to find out why that isn't working first. The fact that "score ALL_TRUSTED 0" doesn't work implies that your config files are NOT being parsed by spamassassin. That is a a truly major problem with your system if it's still oging on. That's horribly bad. Stop worrying about how ALL_TRUSTED works, and worry about why you can't get SA to honor your configuration. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Wed Feb 1 23:03:51 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Feb 1 23:03:54 2006 Subject: ALL_TRUSTED problems In-Reply-To: <43E135D7.9060309@evi-inc.com> References: <6.2.3.4.0.20060201153641.09c37af8@mxt.1bigthink.com> <223f97700602011257t35f95c96p@mail.gmail.com> <223f97700602011306w6bda9bfbi@mail.gmail.com> <6.2.3.4.0.20060201163854.061d99b0@mxt.1bigthink.com> <43E135D7.9060309@evi-inc.com> Message-ID: <223f97700602011503x6a38aa89i@mail.gmail.com> On 01/02/06, Matt Kettler wrote: (snip) > > It is possible, since I have Dynamic DNS customers on a Verizon network, > > and the IP neighborhood was close on this nasty spam, that SA was making > > an educated guess? > > No. SA doesn't use that kind of smarts. > > SA more-or-less does the following things when guessing trust path, Starting > with the most recent Received: header. > ---- > If the relay in the "by" clause resolves to a RFC 1918 reserved IP address, > trust the node and check the next. > > If it's not private, trust the host and all others are untrusted. > ---- > > Thus, SA should, by default, trust all servers with private IPs, and the first > one with a non-trusted IP. > > Unless of course there is a trusted_networks declared, in which case SA trusts that. > And while I was typing (*slowly*), Matt did shed some more light. Thanks Matt, think I got it now. > > Did you ever get your parsing problem resolved?? This thread is so huge I can't > even keep track of it. > > If not, you need to find out why that isn't working first. > > The fact that "score ALL_TRUSTED 0" doesn't work implies that your config files > are NOT being parsed by spamassassin. > > That is a a truly major problem with your system if it's still oging on. That's > horribly bad. Stop worrying about how ALL_TRUSTED works, and worry about why you > can't get SA to honor your configuration. > Matt, there's two persons having slightly similar ALL_TRUSTED problems in this thread, Richard Edge (who has the funky config you refer to) and Glenn Parsons (who you replied to). According to an earlier --lint quote from Richard, mailscanner.cf actually does get read. ... :-/ -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Wed Feb 1 23:11:20 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Feb 1 23:11:22 2006 Subject: ALL_TRUSTED problems In-Reply-To: References: Message-ID: <223f97700602011511l6049c97ft@mail.gmail.com> On 01/02/06, Richard Edge wrote: > If I change the line: > > Score ALL_TRUSTED 0 > > To: > > core ALL_TRUSTED > > Then the output from "spamassassin -p /etc/mail/mailscanner.cf --lint" > gives me a: > > [22778] warn: config: failed to parse line, skipping: core ALL_TRUSTED 0 > [22778] warn: lint: 1 issues detected, please rerun with debug enabled > for more information > Why couldn't it have played along with my idea?! Argh. That pretty well shows that it does get read, and one would assume the rules get applied. Well, sorry... but I'm stumped. For tonight at least. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From dcurtisathome at hotmail.com Wed Feb 1 23:14:14 2006 From: dcurtisathome at hotmail.com (David Curtis) Date: Wed Feb 1 23:14:18 2006 Subject: Problems starting after upgrading to 4.50.14 In-Reply-To: <43E13126.9030206@ecs.soton.ac.uk> Message-ID: I did not happen to see any problems with the SQLlite, I am not sure what it is using for a work dir, Where do I find that setting? I have never changed it as far as I am aware, and it had been working up unitll this upgrade. I have not changed the work dir. Here is a copy of the results: This is MailScanner version 4.50.14 Module versions are: 1.00 AnyDBM_File 1.16 Archive::Zip 1.03 Carp 1.119 Convert::BinHex 1.00 DirHandle 1.05 Fcntl 2.73 File::Basename 2.08 File::Copy 2.01 FileHandle 1.06 File::Path 0.14 File::Temp 1.32 HTML::Entities 3.48 HTML::Parser 2.35 HTML::TokeParser 1.21 IO 1.10 IO::File 1.123 IO::Pipe 1.71 Mail::Header 3.05 MIME::Base64 5.419 MIME::Decoder 5.419 MIME::Decoder::UU 5.419 MIME::Head 5.419 MIME::Parser 3.03 MIME::QuotedPrint 5.419 MIME::Tools 0.10 Net::CIDR 1.08 POSIX 1.77 Socket 0.05 Sys::Syslog 1.68 Time::HiRes 1.02 Time::localtime Optional module versions are: 0.17 Convert::TNEF 1.810 DB_File 1.11 DBD::SQLite 1.50 DBI 1.10 Digest 1.01 Digest::HMAC 2.33 Digest::MD5 2.10 Digest::SHA1 0.44 Inline missing Mail::ClamAV 3.001000 Mail::SpamAssassin missing Mail::SPF::Query missing Net::CIDR::Lite 0.53 Net::DNS 0.33 Net::LDAP 1.94 Parse::RecDescent missing SAVI missing Sys::Hostname::Long 2.52 Test::Harness 0.6 Test::Simple 1.95 Text::Balanced 1.35 URI MailScanner --lint Cannot open config file --lint, No such file or directory at /usr/lib/MailScanner/MailScanner/Config.pm line 597. Compilation failed in require at /usr/sbin/MailScanner line 67. BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 67. Incoming Queue Dir = /var/spool/postfix/hold # Set location of outgoing mail queue. # This can also be the filename of a ruleset. Outgoing Queue Dir = /var/spool/postfix/incoming\ I thank you very much, Dave >From: Julian Field >Reply-To: MailScanner discussion >To: MailScanner discussion >Subject: Re: Problems starting after upgrading to 4.50.14 >Date: Wed, 01 Feb 2006 22:07:34 +0000 > > > >David Curtis wrote: >> I am getting an error now since I upgraded: >>service MailScanner start >>Starting MailScanner daemons: >> incoming postfix: [ OK ] >> outgoing postfix: [ OK ] >> MailScanner: In Debugging mode, not forking... >>Can't call method "do" on an undefined value at >>/usr/lib/MailScanner/MailScanner/SA.pm line 172. >> This is the same problem Glenn talked about, but my problem is that >>there is no "/var/spool/MailScanner/incoming/SpamAssassin.cache.db" file. >>Any idea's would be very helpfull. >> >Have you change the Incoming Work Dir? It needs to be able to create the >SpamAssassin.cache.db file in that directory. >I trust SQLite installed okay? Do a MailScanner --version to check. Also do >a MailScanner --lint to see if it says anything bad. > >-- >Julian Field >www.MailScanner.info >Buy the MailScanner book at www.MailScanner.info/store >Professional Support Services at www.MailScanner.biz >MailScanner thanks transtec Computers for their support > >PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > >-- >This message has been scanned for viruses and >dangerous content by MailScanner, and is >believed to be clean. > >-- >MailScanner mailing list >mailscanner@lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >Before posting, read http://wiki.mailscanner.info/posting > >Support MailScanner development - buy the book off the website! _________________________________________________________________ FREE pop-up blocking with the new MSN Toolbar – get it now! http://toolbar.msn.click-url.com/go/onm00200415ave/direct/01/ From lhaig at haigmail.com Wed Feb 1 23:17:57 2006 From: lhaig at haigmail.com (Lance Haig) Date: Wed Feb 1 23:18:00 2006 Subject: MS Slow after update to 4.50.14 on suse In-Reply-To: <43E1382D.8010603@haigmail.com> References: <43E1382D.8010603@haigmail.com> Message-ID: <43E141A5.7070300@haigmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have also seen the following unable to write pid to /var/run/sendmail.pid: file in use by another process and Error in line 157, file "/var/run/MailScanner.pid" for pidfile does not exist (or can not be read) I have looked in the /var/run directory and the MailScanner.pid is not there. if I create the file then the error goes away Thanks Lance Lance Haig wrote: > I have a problem after upgrading. > > My MS is very slow processing mail. I have sent test text messages to > the system and they take between 28 to 31 seconds to process > > here is a snippet of the log Can anyone lead me in the right direction > to see why this is so low? > > Thanks > > Lance > > Feb 1 22:56:27 mailhost MailScanner[2384]: New Batch: Found 2 messages > waiting > Feb 1 22:56:27 mailhost MailScanner[2384]: New Batch: Scanning 1 > messages, 2009 bytes > Feb 1 22:56:27 mailhost MailScanner[2384]: Spam Checks: Starting > Feb 1 22:56:54 mailhost MailScanner[2384]: Virus and Content Scanning: > Starting > Feb 1 22:56:55 mailhost MailScanner[2384]: Uninfected: Delivered 1 messages > Feb 1 22:56:55 mailhost MailScanner[2384]: Batch processed in 27.65 seconds > Feb 1 22:56:55 mailhost MailScanner[2384]: Logging message > k11MuMV5003084 to SQL > Feb 1 22:56:55 mailhost MailScanner[2384]: "Always Looked Up Last" took > 0.00 seconds > Feb 1 22:56:55 mailhost sendmail[3114]: k11MuMV5003084: > to=, delay=00:00:28, xdelay=00:00:00, > mailer=esmtp, pri=121508, relay=[194.143.190.32] [194.143.190.32], > dsn=2.0.0, stat=Sent (OK) > Feb 1 22:56:55 mailhost MailScanner[26335]: k11MuMV5003084: Logged to > MailWatch SQL > Feb 1 22:56:56 mailhost MailScanner[2292]: Virus and Content Scanning: > Starting > Feb 1 22:56:58 mailhost MailScanner[2292]: Uninfected: Delivered 1 messages > Feb 1 22:56:58 mailhost MailScanner[2292]: Batch processed in 34.43 seconds > Feb 1 22:56:58 mailhost MailScanner[2292]: Logging message > k11MuM6S003085 to SQL > Feb 1 22:56:58 mailhost MailScanner[2292]: "Always Looked Up Last" took > 0.00 seconds > Feb 1 22:56:58 mailhost MailScanner[26335]: k11MuM6S003085: Logged to > MailWatch SQL > Feb 1 22:56:59 mailhost sendmail[3122]: k11MuM6S003085: > to=, delay=00:00:37, xdelay=00:00:01, mailer=esmtp, > pri=121504, relay=[194.143.190.32] [194.143.190.32], dsn=2.0.0, > stat=Sent (OK) > Feb 1 22:57:18 mailhost sendmail-in[3138]: k11MvIXH003138: > from=, size=4772, class=-30, > nrcpts=1, msgid=<43E12E21.7080002@noacon.com>, proto=ESMTP, daemon=MTA, > relay=bkserver.blacknight.ie [83.98.166.45] > Feb 1 22:57:18 mailhost sendmail-in[3138]: k11MvIXH003138: > to=, delay=00:00:00, mailer=esmtp, pri=88772, > stat=queued > Feb 1 22:57:19 mailhost MailScanner[993]: New Batch: Scanning 1 > messages, 5347 bytes > Feb 1 22:57:19 mailhost MailScanner[993]: Spam Checks: Starting > Feb 1 22:57:19 mailhost MailScanner[993]: Looked up unknown string spam > in language translation file /etc/MailScanner/reports/en/languages.conf > Feb 1 22:57:19 mailhost MailScanner[993]: Looked up unknown string > notspam in language translation file > /etc/MailScanner/reports/en/languages.conf > Feb 1 22:57:19 mailhost MailScanner[993]: Whitelist refresh time reached > Feb 1 22:57:19 mailhost MailScanner[993]: Starting up SQL Whitelist > Feb 1 22:57:19 mailhost MailScanner[993]: Read 8 whitelist entries > Feb 1 22:57:19 mailhost MailScanner[993]: Message k11MvIXH003138 from > 83.98.166.45 (mailscanner-bounces@lists.mailscanner.info) is whitelisted > Feb 1 22:57:19 mailhost MailScanner[993]: Looked up unknown string > mailscanner in language translation file > /etc/MailScanner/reports/en/languages.conf > Feb 1 22:57:19 mailhost MailScanner[993]: Looked up unknown string > unreadablearchive in language translation file > /etc/MailScanner/reports/en/languages.conf > Feb 1 22:57:19 mailhost MailScanner[993]: Looked up unknown string > passwordedarchive in language translation file > /etc/MailScanner/reports/en/languages.conf > Feb 1 22:57:19 mailhost MailScanner[993]: Looked up unknown string > archivetoodeep in language translation file > /etc/MailScanner/reports/en/languages.conf > Feb 1 22:57:19 mailhost MailScanner[993]: Virus and Content Scanning: > Starting > Feb 1 22:57:20 mailhost MailScanner[993]: Looked up unknown string > mailscanner in language translation file > /etc/MailScanner/reports/en/languages.conf > Feb 1 22:57:20 mailhost MailScanner[993]: Uninfected: Delivered 1 messages > Feb 1 22:57:20 mailhost MailScanner[993]: Batch processed in 1.31 seconds > Feb 1 22:57:20 mailhost MailScanner[993]: Logging message > k11MvIXH003138 to SQL > Feb 1 22:57:20 mailhost MailScanner[993]: "Always Looked Up Last" took > 0.00 seconds > Feb 1 22:57:20 mailhost MailScanner[26335]: k11MvIXH003138: Logged to > MailWatch SQL > Feb 1 22:57:20 mailhost sendmail[3147]: k11MvIXH003138: > to=, delay=00:00:02, xdelay=00:00:00, mailer=esmtp, > pri=178772, relay=[194.143.190.32] [194.143.190.32], dsn=2.0.0, > stat=Sent (OK) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFD4UGlM4kHBIBZ61gRAnHBAJ9RPsVwgvItNjyR4Zpj5nLad6dRqQCfYsfO eYuf/uCgpo7WTsCyiu8EkzY= =cwUx -----END PGP SIGNATURE----- From lhaig at haigmail.com Wed Feb 1 23:24:37 2006 From: lhaig at haigmail.com (Lance Haig) Date: Wed Feb 1 23:24:43 2006 Subject: MS Slow after update to 4.50.14 on suse In-Reply-To: <43E141A5.7070300@haigmail.com> References: <43E1382D.8010603@haigmail.com> <43E141A5.7070300@haigmail.com> Message-ID: <43E14335.4030109@haigmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have checked that my sendmail is dsiabled in the runlevels Where else can I look to fix this Lance Lance Haig wrote: > I have also seen the following > > unable to write pid to /var/run/sendmail.pid: file in use by another process > > and > > Error in line 157, file "/var/run/MailScanner.pid" for pidfile does not > exist (or can not be read) > > I have looked in the /var/run directory and the MailScanner.pid is not > there. if I create the file then the error goes away > > Thanks > > Lance > > > Lance Haig wrote: >>> I have a problem after upgrading. >>> >>> My MS is very slow processing mail. I have sent test text messages to >>> the system and they take between 28 to 31 seconds to process >>> >>> here is a snippet of the log Can anyone lead me in the right direction >>> to see why this is so low? >>> >>> Thanks >>> >>> Lance >>> >>> Feb 1 22:56:27 mailhost MailScanner[2384]: New Batch: Found 2 messages >>> waiting >>> Feb 1 22:56:27 mailhost MailScanner[2384]: New Batch: Scanning 1 >>> messages, 2009 bytes >>> Feb 1 22:56:27 mailhost MailScanner[2384]: Spam Checks: Starting >>> Feb 1 22:56:54 mailhost MailScanner[2384]: Virus and Content Scanning: >>> Starting >>> Feb 1 22:56:55 mailhost MailScanner[2384]: Uninfected: Delivered 1 messages >>> Feb 1 22:56:55 mailhost MailScanner[2384]: Batch processed in 27.65 seconds >>> Feb 1 22:56:55 mailhost MailScanner[2384]: Logging message >>> k11MuMV5003084 to SQL >>> Feb 1 22:56:55 mailhost MailScanner[2384]: "Always Looked Up Last" took >>> 0.00 seconds >>> Feb 1 22:56:55 mailhost sendmail[3114]: k11MuMV5003084: >>> to=, delay=00:00:28, xdelay=00:00:00, >>> mailer=esmtp, pri=121508, relay=[194.143.190.32] [194.143.190.32], >>> dsn=2.0.0, stat=Sent (OK) >>> Feb 1 22:56:55 mailhost MailScanner[26335]: k11MuMV5003084: Logged to >>> MailWatch SQL >>> Feb 1 22:56:56 mailhost MailScanner[2292]: Virus and Content Scanning: >>> Starting >>> Feb 1 22:56:58 mailhost MailScanner[2292]: Uninfected: Delivered 1 messages >>> Feb 1 22:56:58 mailhost MailScanner[2292]: Batch processed in 34.43 seconds >>> Feb 1 22:56:58 mailhost MailScanner[2292]: Logging message >>> k11MuM6S003085 to SQL >>> Feb 1 22:56:58 mailhost MailScanner[2292]: "Always Looked Up Last" took >>> 0.00 seconds >>> Feb 1 22:56:58 mailhost MailScanner[26335]: k11MuM6S003085: Logged to >>> MailWatch SQL >>> Feb 1 22:56:59 mailhost sendmail[3122]: k11MuM6S003085: >>> to=, delay=00:00:37, xdelay=00:00:01, mailer=esmtp, >>> pri=121504, relay=[194.143.190.32] [194.143.190.32], dsn=2.0.0, >>> stat=Sent (OK) >>> Feb 1 22:57:18 mailhost sendmail-in[3138]: k11MvIXH003138: >>> from=, size=4772, class=-30, >>> nrcpts=1, msgid=<43E12E21.7080002@noacon.com>, proto=ESMTP, daemon=MTA, >>> relay=bkserver.blacknight.ie [83.98.166.45] >>> Feb 1 22:57:18 mailhost sendmail-in[3138]: k11MvIXH003138: >>> to=, delay=00:00:00, mailer=esmtp, pri=88772, >>> stat=queued >>> Feb 1 22:57:19 mailhost MailScanner[993]: New Batch: Scanning 1 >>> messages, 5347 bytes >>> Feb 1 22:57:19 mailhost MailScanner[993]: Spam Checks: Starting >>> Feb 1 22:57:19 mailhost MailScanner[993]: Looked up unknown string spam >>> in language translation file /etc/MailScanner/reports/en/languages.conf >>> Feb 1 22:57:19 mailhost MailScanner[993]: Looked up unknown string >>> notspam in language translation file >>> /etc/MailScanner/reports/en/languages.conf >>> Feb 1 22:57:19 mailhost MailScanner[993]: Whitelist refresh time reached >>> Feb 1 22:57:19 mailhost MailScanner[993]: Starting up SQL Whitelist >>> Feb 1 22:57:19 mailhost MailScanner[993]: Read 8 whitelist entries >>> Feb 1 22:57:19 mailhost MailScanner[993]: Message k11MvIXH003138 from >>> 83.98.166.45 (mailscanner-bounces@lists.mailscanner.info) is whitelisted >>> Feb 1 22:57:19 mailhost MailScanner[993]: Looked up unknown string >>> mailscanner in language translation file >>> /etc/MailScanner/reports/en/languages.conf >>> Feb 1 22:57:19 mailhost MailScanner[993]: Looked up unknown string >>> unreadablearchive in language translation file >>> /etc/MailScanner/reports/en/languages.conf >>> Feb 1 22:57:19 mailhost MailScanner[993]: Looked up unknown string >>> passwordedarchive in language translation file >>> /etc/MailScanner/reports/en/languages.conf >>> Feb 1 22:57:19 mailhost MailScanner[993]: Looked up unknown string >>> archivetoodeep in language translation file >>> /etc/MailScanner/reports/en/languages.conf >>> Feb 1 22:57:19 mailhost MailScanner[993]: Virus and Content Scanning: >>> Starting >>> Feb 1 22:57:20 mailhost MailScanner[993]: Looked up unknown string >>> mailscanner in language translation file >>> /etc/MailScanner/reports/en/languages.conf >>> Feb 1 22:57:20 mailhost MailScanner[993]: Uninfected: Delivered 1 messages >>> Feb 1 22:57:20 mailhost MailScanner[993]: Batch processed in 1.31 seconds >>> Feb 1 22:57:20 mailhost MailScanner[993]: Logging message >>> k11MvIXH003138 to SQL >>> Feb 1 22:57:20 mailhost MailScanner[993]: "Always Looked Up Last" took >>> 0.00 seconds >>> Feb 1 22:57:20 mailhost MailScanner[26335]: k11MvIXH003138: Logged to >>> MailWatch SQL >>> Feb 1 22:57:20 mailhost sendmail[3147]: k11MvIXH003138: >>> to=, delay=00:00:02, xdelay=00:00:00, mailer=esmtp, >>> pri=178772, relay=[194.143.190.32] [194.143.190.32], dsn=2.0.0, >>> stat=Sent (OK) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFD4UM1M4kHBIBZ61gRAh05AJ9DJN75gsW+Vano7ItoC4c1sKsq4ACeKo3r vlAyHYRsN5mkTMwWvQ8lS/o= =5+BW -----END PGP SIGNATURE----- From glenn.steen at gmail.com Wed Feb 1 23:25:49 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Feb 1 23:25:52 2006 Subject: Problems starting after upgrading to 4.50.14 In-Reply-To: References: <43E13126.9030206@ecs.soton.ac.uk> Message-ID: <223f97700602011525t27264a64o@mail.gmail.com> On 02/02/06, David Curtis wrote: > I did not happen to see any problems with the SQLlite, I am not sure what it > is using for a work dir, Where do I find that setting? I have never changed > it as far as I am aware, and it had been working up unitll this upgrade. > Do ls -la /var/spool/MailScanner/incoming and check that the permissions on the directory (.) will permit the postfix user (or group) to create the file ... Else it'll carp just like that. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From dcurtisathome at hotmail.com Wed Feb 1 23:37:42 2006 From: dcurtisathome at hotmail.com (David Curtis) Date: Wed Feb 1 23:37:46 2006 Subject: Problems starting after upgrading to 4.50.14 In-Reply-To: <223f97700602011525t27264a64o@mail.gmail.com> Message-ID: [root@sbschools dns]# ls -la /var/spool/MailScanner/incoming/ total 8 drwxrwxrwx 2 postfix postfix 4096 Feb 1 16:07 . drwxr-xr-x 4 root root 4096 Oct 10 15:12 .. Thanks, Dave >From: Glenn Steen >Reply-To: MailScanner discussion >To: MailScanner discussion >Subject: Re: Problems starting after upgrading to 4.50.14 >Date: Thu, 2 Feb 2006 00:25:49 +0100 > >On 02/02/06, David Curtis wrote: > > I did not happen to see any problems with the SQLlite, I am not sure >what it > > is using for a work dir, Where do I find that setting? I have never >changed > > it as far as I am aware, and it had been working up unitll this upgrade. > > >Do >ls -la /var/spool/MailScanner/incoming >and check that the permissions on the directory (.) will permit the >postfix user (or group) to create the file ... Else it'll carp just >like that. > >-- >-- Glenn >email: glenn < dot > steen < at > gmail < dot > com >work: glenn < dot > steen < at > ap1 < dot > se >-- >MailScanner mailing list >mailscanner@lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >Before posting, read http://wiki.mailscanner.info/posting > >Support MailScanner development - buy the book off the website! _________________________________________________________________ Don’t just search. Find. Check out the new MSN Search! http://search.msn.click-url.com/go/onm00200636ave/direct/01/ From dmehler26 at woh.rr.com Wed Feb 1 23:32:27 2006 From: dmehler26 at woh.rr.com (Dave) Date: Wed Feb 1 23:41:39 2006 Subject: mailscanner and perdomain white and blacklists Message-ID: <003f01c62787$c3f61370$0200a8c0@satellite> Hello, I've got a mailscanner install with sendmail. It's working fine and it's working for multiple users. Now i'm getting requests from user a to add a username/domain to a blacklist file and user b to add another username/domain to a whitelist file. These i'm thinking should be separate as they are separate domains. This is on an fc4 box. Is this doable, any help appreciated. Thanks. Dave. From glenn.steen at gmail.com Thu Feb 2 00:40:39 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Feb 2 00:40:42 2006 Subject: ALL_TRUSTED problems In-Reply-To: References: Message-ID: <223f97700602011640o2eea2318y@mail.gmail.com> On 01/02/06, Richard Edge wrote: > If I change the line: > > Score ALL_TRUSTED 0 > > To: > > core ALL_TRUSTED > > Then the output from "spamassassin -p /etc/mail/mailscanner.cf --lint" > gives me a: > > [22778] warn: config: failed to parse line, skipping: core ALL_TRUSTED 0 > [22778] warn: lint: 1 issues detected, please rerun with debug enabled > for more information > Um, does it carp if you don't specify "-p /etc/mail/mailscanner.cf " too? You shouldn't need use it as a preference file anymore, since it should be part of the site rules... A plain "spamassassin --lint" should suffice. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From taz at taz-mania.com Thu Feb 2 00:52:03 2006 From: taz at taz-mania.com (Dennis Willson) Date: Thu Feb 2 00:52:10 2006 Subject: mailscanner and perdomain white and blacklists In-Reply-To: <003f01c62787$c3f61370$0200a8c0@satellite> References: <003f01c62787$c3f61370$0200a8c0@satellite> Message-ID: <43E157B3.3060109@taz-mania.com> Try using mailwatch.... It does this very nicely and uses a mysql database for the white and black lists. There is even a way for the users to manage their own lists. Dave wrote: > Hello, > I've got a mailscanner install with sendmail. It's working fine and > it's working for multiple users. Now i'm getting requests from user a to > add a username/domain to a blacklist file and user b to add another > username/domain to a whitelist file. These i'm thinking should be > separate as they are separate domains. This is on an fc4 box. Is this > doable, any help appreciated. > Thanks. > Dave. > From mkettler at evi-inc.com Thu Feb 2 00:59:23 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Thu Feb 2 00:59:33 2006 Subject: ALL_TRUSTED problems In-Reply-To: <223f97700602011640o2eea2318y@mail.gmail.com> References: <223f97700602011640o2eea2318y@mail.gmail.com> Message-ID: <43E1596B.40101@evi-inc.com> Glenn Steen wrote: > On 01/02/06, Richard Edge wrote: >> If I change the line: >> >> Score ALL_TRUSTED 0 >> >> To: >> >> core ALL_TRUSTED >> >> Then the output from "spamassassin -p /etc/mail/mailscanner.cf --lint" >> gives me a: >> >> [22778] warn: config: failed to parse line, skipping: core ALL_TRUSTED 0 >> [22778] warn: lint: 1 issues detected, please rerun with debug enabled >> for more information >> > > Um, does it carp if you don't specify "-p /etc/mail/mailscanner.cf " > too? You shouldn't need use it as a preference file straws:-)> anymore, since it should be part of the site rules... A > plain "spamassassin --lint" should suffice. > Erm, what on earth is mailscanner.cf doing in /etc/mail/?? it belongs in /etc/mail/spamassassin or /etc/spamassassin, or some other directory containing the word "spamassassin" depending on how your SA is configured. Realistically you should *NEVER*, EVER under any condition use -p to point to any site-level file. It should only point to a user level file. Mailscanner.cf is NOT a user level file. The whole reason mailscanner.cf was created was to ensure it was NOT used as a user prefs file. mailscanner.cf contains options that are ONLY valid at the site-wide level. Do NOT pass this -p. It belongs in the SA site-config directory so SA always parses it, and to make sure that SA correctly parses it. If it's not in the site config directory, SA won't parse it when mailscanner runs. New versions of Mailscanner do NOT pass mailscanner.cf as a user prefs file, thus by adding -p you are changing the behavior of spamassassin to be different than what Mailscanner does with it. I know this is contrary to how old versions of MS worked. In old versions, spam.assassin.prefs.conf was passed as a user_prefs replacement. However, This file kept pushing options in which are only valid at the site level. It also pushed options such as bayes_path which need to be passed to all instances of sa on the system, such as sa-learn. After some prodding, Julian finally created MailScanner.cf, a file to be placed alongside local.cf and other site-wide config files. This way any call to SA automatically parses this file. From ssilva at sgvwater.com Thu Feb 2 00:59:08 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Feb 2 00:59:38 2006 Subject: Having trouble with mqueue.in In-Reply-To: <43E12E21.7080002@noacon.com> References: <43E122C3.20705@noacon.com> <43E129E4.1040304@ecs.soton.ac.uk> <43E12E21.7080002@noacon.com> Message-ID: Tim Grooms spake the following on 2/1/2006 1:54 PM: > Julian Field wrote: >> >> >> Tim Grooms wrote: >>> Installed MailScanner-4.50.14-1 and ClamAV/SpamAssassin today from >>> the rpm files >>> MailScanner-4.50.14-1.rpm.tar.gz and >>> install-Clam-SA.tar.gz >>> >>> Everything seemed to work fine in the installs. Ran >>> upgrade_MailScanner_conf and >>> upgrade_languages.conf and those seemed to go ok as well. >>> >>> I am using Fedora Core 4 and sendmail. I cannot get incoming mail to >>> come through and get >>> the following when trying to start MailScanner: >>> >>> --------------------------------------------------------------------------------------------------------- >>> >>> >>> [root@www log]# service MailScanner start >>> Starting MailScanner daemons: >>> incoming sendmail: Warning: Option: AuthOptions requires >>> SASL support (-DSASL) >> Look for AuthOptions in /etc/mail/sendmail.cf. Try commenting it out >> completely. > > Ok, I'll do that next. >>> /): No such file or directoryspool/mqueue.in >> Did it really say that? If so, you've screwed up /var/spool/mqueue.in >> somewhere. Check it printed exactly this. You should have a >> /var/spool/mqueue.in directory with the same permissions as >> /var/spool/mqueue. > Yep, that's exactly what it said and I do have both directorys with the > same permissions. When I tell it to stop MailScanner I get the > following line: > > : No such file or directoryne 315: cd: /var/spool/MailScanner/incoming > > but there is a /var/spool/MailScanner/incoming folder also. I can stop > MailScanner and start sendmail and I can receive mail again. But once I > stop > sendmail and start MailScanner my mail stops coming in again. >>> >>> [OK] >>> outgoing sendmail: Warning: Option: AuthOptions requires >>> SASL support (-DSASL) >>> >>> [OK] >>> >>> MailScanner >>> [OK] >>> [root@www log]# >>> >>> ---------------------------------------------------------------------------------------------------------- >>> >>> >>> There are no errors in the maillog file everything appears to start >>> normally. I have checked the >>> folders and permissions in /var/spool and all seems OK there as well >>> as the path in >>> MailScanner.conf to both incoming and outgoing queues. >>> >>> Any suggestions? I'm stumped. >>> >>> Thanks. >>> >> > > Thanks for the help. > Tim > It looks like there is something wrong in your MailScanner.conf file. Read it carefully from top to bottom. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From Edge at twu.ca Thu Feb 2 01:08:58 2006 From: Edge at twu.ca (Richard Edge) Date: Thu Feb 2 01:09:19 2006 Subject: ALL_TRUSTED problems Message-ID: Nope, it gives no errors there either. With the -D option is gives me the same information as previous. Another odd thing is that -D --lint seems to respond to changes of "use_pyzor 0" to "use_pyzor 0" and back as does "use_dcc 0" to "use_dcc 1". The -D --lint turns these functions off and on as they should but I don't see any reference to these tests in the maillog either. Richard Edge Senior Systems Administrator | Technology Services Trinity Western University | t: 604.513.2089 f: 604.513.2038 | e: edge twu.ca| www.twu.ca/technology -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Glenn Steen Sent: Wednesday, February 01, 2006 4:41 PM To: MailScanner discussion Subject: Re: ALL_TRUSTED problems On 01/02/06, Richard Edge wrote: > If I change the line: > > Score ALL_TRUSTED 0 > > To: > > core ALL_TRUSTED > > Then the output from "spamassassin -p /etc/mail/mailscanner.cf --lint" > gives me a: > > [22778] warn: config: failed to parse line, skipping: core ALL_TRUSTED > 0 [22778] warn: lint: 1 issues detected, please rerun with debug > enabled for more information > Um, does it carp if you don't specify "-p /etc/mail/mailscanner.cf " too? You shouldn't need use it as a preference file anymore, since it should be part of the site rules... A plain "spamassassin --lint" should suffice. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From Edge at twu.ca Thu Feb 2 01:13:20 2006 From: Edge at twu.ca (Richard Edge) Date: Thu Feb 2 01:15:04 2006 Subject: ALL_TRUSTED problems Message-ID: Sorry. A typo on my part. It is actually in /etc/mail/spamasassin. I guess I was using the -p which was mentioned in some docs from an earlier version of MailScanner and SA that I was using. As I mentioned in another email, 'spamassassin -D --lint' gives me the same output as previously reported here. Richard Edge Senior Systems Administrator | Technology Services Trinity Western University | t: 604.513.2089 f: 604.513.2038 | e: edge twu.ca| www.twu.ca/technology -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Matt Kettler Sent: Wednesday, February 01, 2006 4:59 PM To: MailScanner discussion Subject: Re: ALL_TRUSTED problems Glenn Steen wrote: > On 01/02/06, Richard Edge wrote: >> If I change the line: >> >> Score ALL_TRUSTED 0 >> >> To: >> >> core ALL_TRUSTED >> >> Then the output from "spamassassin -p /etc/mail/mailscanner.cf --lint" >> gives me a: >> >> [22778] warn: config: failed to parse line, skipping: core >> ALL_TRUSTED 0 [22778] warn: lint: 1 issues detected, please rerun >> with debug enabled for more information >> > > Um, does it carp if you don't specify "-p /etc/mail/mailscanner.cf " > too? You shouldn't need use it as a preference file straws:-)> anymore, since it should be part of the site rules... A > plain "spamassassin --lint" should suffice. > Erm, what on earth is mailscanner.cf doing in /etc/mail/?? it belongs in /etc/mail/spamassassin or /etc/spamassassin, or some other directory containing the word "spamassassin" depending on how your SA is configured. Realistically you should *NEVER*, EVER under any condition use -p to point to any site-level file. It should only point to a user level file. Mailscanner.cf is NOT a user level file. The whole reason mailscanner.cf was created was to ensure it was NOT used as a user prefs file. mailscanner.cf contains options that are ONLY valid at the site-wide level. Do NOT pass this -p. It belongs in the SA site-config directory so SA always parses it, and to make sure that SA correctly parses it. If it's not in the site config directory, SA won't parse it when mailscanner runs. New versions of Mailscanner do NOT pass mailscanner.cf as a user prefs file, thus by adding -p you are changing the behavior of spamassassin to be different than what Mailscanner does with it. I know this is contrary to how old versions of MS worked. In old versions, spam.assassin.prefs.conf was passed as a user_prefs replacement. However, This file kept pushing options in which are only valid at the site level. It also pushed options such as bayes_path which need to be passed to all instances of sa on the system, such as sa-learn. After some prodding, Julian finally created MailScanner.cf, a file to be placed alongside local.cf and other site-wide config files. This way any call to SA automatically parses this file. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From mhw at WittsEnd.com Thu Feb 2 01:58:49 2006 From: mhw at WittsEnd.com (Michael H. Warfield) Date: Thu Feb 2 01:59:18 2006 Subject: Attachment Warnings - End of Line Behavior Changed (CR, LF) In-Reply-To: <43E0D70F.9080804@USherbrooke.ca> References: <6a4915590601301601s5399fd75jabf461d86eaf5d71@mail.gmail.com> <6a4915590602010730t3055651elef164558540cee58@mail.gmail.com> <43E0D70F.9080804@USherbrooke.ca> Message-ID: <1138845529.4025.80.camel@canyon.wittsend.com> On Wed, 2006-02-01 at 10:43 -0500, Denis Beauchemin wrote: > Marco Radzinschi wrote: > > Hello: > > I noticed that the CR/LF behavior has changed in the newest version of > > MailScanner (4.49) from DOS (LF only) to Unix-type text files > > (+) for the generated attachment warnings. > DOS = CR+LF, Unix/Linux = LF > > I treid removing the excess characters in the report templates > > myself, but I noticed that the Perl script still appends to the report > > templates with +, which makes it appear mangled on a GroupWise > > system running on Windows. > > I did not see a configuration option for this, so I am assuming that > > it is hard-coded somewhere in the script, or in one of the external > > modules that the script uses. Does anyone know how to change this > > behavior? > This has been discussed previously (about 1-2 weeks ago). It is > probably a bug in MIME::Tools IIRC. Some people were supposed to talk > to the developer to get a fix. Don't know how it turned out... Turns out it's far worse than we imagined. It's not really a "bug" in MIME::Tools per se. Rather, it's an ambiguity in the entire quoted-printable encoding on top of the issues of LF vs CR/LF. Some of that's all the way down in the core Perl MIME stuff below MIME::Tools. By re-encoding MIME attachments, we may end up with the entire encoded attachment altered even though the canonical text remains the same. This is a big no-no for signed attachments and that's what Julian is referring to as a big problem that's being worked on. I suspect I dumped a rather odious hairball in his lap over the whole PGP/MIME / S/MIME mess of which the eol line termination endings are only a minor part. Fixing MIME::Tools turns out not to fix any of it. But some hooks into MIME::Tools for saving the encoded parts by be the workaround for both problems. Work in progress... ITMT... Turn off "Sign Clean Messages". > Denis > -- > _ > ?v? Denis Beauchemin, analyste > /(_)\ Universit? de Sherbrooke, S.T.I. > ^ ^ T: 819.821.8000x2252 F: 819.821.8045 Mike -- Michael H. Warfield (AI4NB) | (770) 985-6132 | mhw@WittsEnd.com /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it! -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 307 bytes Desc: This is a digitally signed message part Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060201/ad4e2b15/attachment.bin From Carl.Andrews at crackerbarrel.com Thu Feb 2 02:27:55 2006 From: Carl.Andrews at crackerbarrel.com (Andrews Carl 448) Date: Thu Feb 2 02:28:52 2006 Subject: Password Protected PDFs Message-ID: <18BAD67B3136234285A06EB137C5CBD102F9ED29@exchange03.CBOCS.com> Sorry this would be important: Virus Scanners = clamav bitdefender sophos MailScanner Version: 4.5.10 Thanks again! -----Original Message----- From: Andrews Carl 448 Sent: Wednesday, February 01, 2006 8:19 PM To: 'MailScanner discussion' Subject: Password Protected PDFs I am having a problem allowing password protected PDFs in from an address to an address using a ruleset. The ruleset works great, if I put the lines in the virus.scanning.rules file. I tried the Allow Password-Protected Archives option, but PDFs are not achives and so mailscanner, correctly, ignores that rule. The log file shows "MailScanner [####]: Viruses marked as silent: Password protected file .", so this is a virus setting but I can not find it. Could someone tell me what option I need to point to my ruleset or do I have to use the virus.scanning.rules? Thanks! Carl From Carl.Andrews at crackerbarrel.com Thu Feb 2 02:18:56 2006 From: Carl.Andrews at crackerbarrel.com (Andrews Carl 448) Date: Thu Feb 2 08:50:03 2006 Subject: Password Protected PDFs Message-ID: <18BAD67B3136234285A06EB137C5CBD102F9ED28@exchange03.CBOCS.com> I am having a problem allowing password protected PDFs in from an address to an address using a ruleset. The ruleset works great, if I put the lines in the virus.scanning.rules file. I tried the Allow Password-Protected Archives option, but PDFs are not achives and so mailscanner, correctly, ignores that rule. The log file shows "MailScanner [####]: Viruses marked as silent: Password protected file .", so this is a virus setting but I can not find it. Could someone tell me what option I need to point to my ruleset or do I have to use the virus.scanning.rules? Thanks! Carl From MailScanner at ecs.soton.ac.uk Thu Feb 2 08:57:34 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Feb 2 08:57:44 2006 Subject: SQLite and postfix... In-Reply-To: <223f97700602011346p327e1b06y@mail.gmail.com> References: <223f97700602010923w68b73106l@mail.gmail.com> <223f97700602011216x753fafccx@mail.gmail.com> <43E126BC.3020108@ecs.soton.ac.uk> <223f97700602011346p327e1b06y@mail.gmail.com> Message-ID: <6F3A6C09-CC53-435F-A432-8CAB51A0ACDD@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- On 1 Feb 2006, at 21:46, Glenn Steen wrote: > On 01/02/06, Julian Field wrote: >> Glenn Steen wrote: >>> ---------- Forwarded message ---------- >>> From: Glenn Steen >>> Date: 01-Feb-2006 18:23 >>> Subject: SQLite and postfix... >>> To: MailScanner@lists.mailscanner.info >>> >>> >>> Just a note, if this hasn't been covered already: >>> >>> Updated to the latest stable (4.50.14) on my prod machine running >>> postfix...It's a Mdv 10.2, so I used that rpm method. >>> >>> Apparantly the SQLite db got created during install, with only >>> user rw >>> perms... and a "non-postfix" user. This made MailScanner loop during >>> startup (all the children died immediately). Running --debug >>> complained about line 172 in SA.pm, which happen to be an >>> operation on >>> the SQLite, so ... eventually led me right:-). >>> >>> Simple fix is to remove the file >>> /var/spool/MailScanner/incoming/SpamAssassin.cache.db and do >>> "service >>> MailScanner restart" ... and a pristine file with the correect >>> perms/owner get created. One could've just changed the owner, of >>> course:-). >>> >>> Other than that, it looks to be _really_ nice... and fast. >> The db file shouldn't be created by the installation. Are you sure >> you >> didn't run it at all before setting the Run As User? > > Yeah, pretty sure. It was an upgrade, not an install... So MailScanner > was already set for the postfix user, and yes... I did do the > suggested upgrade of conf file (and triple checked with diff and > reading the file from top to bottom and --linting) before restarting > the MailScanner service and putting in the first message (via > telnet)... Immediately noted a few processes, and the > message just sat there... So I don't think it was anything like that. > I'll probably get to redo the upgrade tomorrow (on the other server), > and will be sure to take better notes then. > Come to think of it, I might have done a "MailScanner --lint" before > upgrading the MailScanner.conf file... It complained about the > spurious spam.assassin.prefs.conf line, IIRC... But it should still > have switched into "postfix" user, right? Or did that prevent it from > using it, then perform the spam cache query ... which then created the > bum file? > I'll try retrace my steps tomorrow and see what gives. You are exactly right. I guess I should move the "change user" code a bit. 4.50.14-2 produces a proper error message in this situation now, it doesn't just die. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.4 (Build 4042) iQEVAwUBQ+HJgfw32o+k+q+hAQENbQgAtFjZ9L5tJ7jsc31jUvD8SdO6UxzZRmrc ph8gg3olHJp3hF42BVuQGDgFdv0MHthV+m5c1nx0SMai+wF505rOz43UvrQw8DQJ PcyIr3pH972SaAzBnnSLRZuhHnI+OCmZV02NkzqjhF5++81I8D1ExW40jdoHkrk/ r9xBH78eO6TciKtF8hYl72CnWN7+Fgyd/tFdwp35RpNa+6L/cDZscms3UZITFz7F zEUE+X/ige/I0EE611B6EKCg/vp3CEDFXNlfh9AGI1bgBRL9NzDLqGPXkQDoLNWC NWxtrca2fDj0yFoNCe21BD/87Uie5RjYjLVVqMFztq2thHagkLPyPA== =0QHj -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu Feb 2 08:58:12 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Feb 2 08:58:20 2006 Subject: Downloading the latest update :-) In-Reply-To: <43E12D2E.2070106@haigmail.com> References: <43E12132.5060402@haigmail.com> <43E1293C.5020503@ecs.soton.ac.uk> <43E12D2E.2070106@haigmail.com> Message-ID: <77EB9F6B-9FC6-48BE-B4CD-DD5BF130880F@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- On 1 Feb 2006, at 21:50, Lance Haig wrote: > * PGP Signed by an unknown key: 02/01/06 at 21:50:38 > > I have an error in my Mailscanner --lint command > > mailhost:~ # MailScanner --lint > Possible syntax error on line 19 of /etc/MailScanner/ > filename.rules.conf > at /usr/lib/MailScanner/MailScanner/Config.pm line 1274 > Remember to separate fields with tab characters! at > /usr/lib/MailScanner/MailScanner/Config.pm line 1276 > Read 710 hostnames from the phishing whitelist > Config: calling custom init function SQLBlacklist > Config: calling custom init function MailWatchLogging > Config: calling custom init function SQLWhitelist > Checking SpamAssassin errors (if you use it), this may take some > time... > Using SpamAssassin results cache > Connected to SpamAssassin cache database > SpamAssassin reported no errors. > > MailScanner.conf says "Virus Scanners = clamavmodule bitdefender" > Found these virus scanners installed: bitdefender, clamavmodule > > I have checked the file and all fields are seperated by tabs so I am a > bit confused. > > Can anyone shed some light? Exactly what does line 19 of that file say? > > Lance > > Julian Field wrote: >> Lance Haig wrote: >>> Is it easier to download the SA clam package from Julians site to >>> update >>> clam or would it be better to just update clam from the clam site? >>> >>> I don't want to lose the clamavmodule part of the install as I >>> have had >>> problems installing it in the past. >>> >>> I have SA 3.1 and Clamav 87 on suse 9.3 >>> >> I would do my package. It will upgrade Clam then rebuild Mail::ClamAV >> and link it against the Clam it just built. >> More reliable in my view. >> >> I don't like building perl modules that call C libraries without >> knowing >> I had the latest C library when it was linked together. >> > > * Unknown Key > * 0x8059EB58 (L) > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.4 (Build 4042) iQEVAwUBQ+HJpvw32o+k+q+hAQFjUwf/U5FSUkloeDhKrZkzLukadbH5Ayuo6CBi YHkfj7DXBt14KCQqCUDpKuhjwTRVPc4bbcrzL3vzsYGO137ArtqFQYvEQiRuZnj1 f2ostkcWcoeamABoS72LMimoGE/lHUZmKI34whJOrMHa8KnMRSFtHEzQvmLh1hUV J1Mh1qHqPs7UVtwff1LqWipCT4JLDuaiNz3U1FNAEdBQ1jzdONtrH9w5RXWkUZ0K u8C2nPd9NZK3YCBUyx7QufVGQ5oqENyinP3OjjLv8ylz26xtkYJiUw+BQneqaDDX zEZ3NGD5y42nvCGOxIqcvp64i4jM+mw154AvaRbzutDugWGWpT0MTw== =iqcP -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu Feb 2 09:00:25 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Feb 2 09:00:37 2006 Subject: Having trouble with mqueue.in In-Reply-To: <43E12E21.7080002@noacon.com> References: <43E122C3.20705@noacon.com> <43E129E4.1040304@ecs.soton.ac.uk> <43E12E21.7080002@noacon.com> Message-ID: <4AC3267C-BD78-4C9A-AAFD-B82B100C5FBB@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- On 1 Feb 2006, at 21:54, Tim Grooms wrote: > Julian Field wrote: >> >> Tim Grooms wrote: >>> Installed MailScanner-4.50.14-1 and ClamAV/SpamAssassin today >>> from the rpm files >>> MailScanner-4.50.14-1.rpm.tar.gz and >>> install-Clam-SA.tar.gz >>> >>> Everything seemed to work fine in the installs. Ran >>> upgrade_MailScanner_conf and >>> upgrade_languages.conf and those seemed to go ok as well. >>> >>> I am using Fedora Core 4 and sendmail. I cannot get incoming >>> mail to come through and get >>> the following when trying to start MailScanner: >>> >>> -------------------------------------------------------------------- >>> ------------------------------------- >>> >>> [root@www log]# service MailScanner start >>> Starting MailScanner daemons: >>> incoming sendmail: Warning: Option: AuthOptions >>> requires SASL support (-DSASL) >> Look for AuthOptions in /etc/mail/sendmail.cf. Try commenting it >> out completely. > > Ok, I'll do that next. >>> /): No such file or directoryspool/mqueue.in >> Did it really say that? If so, you've screwed up /var/spool/ >> mqueue.in somewhere. Check it printed exactly this. You should >> have a /var/spool/mqueue.in directory with the same permissions >> as /var/spool/mqueue. > Yep, that's exactly what it said and I do have both directorys with > the same permissions. When I tell it to stop MailScanner I get the > following line: > > : No such file or directoryne 315: cd: /var/spool/MailScanner/incoming > > but there is a /var/spool/MailScanner/incoming folder also. I can > stop MailScanner and start sendmail and I can receive mail again. > But once I stop > sendmail and start MailScanner my mail stops coming in again. >>> >>> [OK] >>> outgoing sendmail: Warning: Option: AuthOptions >>> requires SASL support (-DSASL) >>> >>> [OK] >>> >>> MailScanner >>> [OK] >>> [root@www log]# >>> >>> -------------------------------------------------------------------- >>> -------------------------------------- >>> >>> There are no errors in the maillog file everything appears to >>> start normally. I have checked the >>> folders and permissions in /var/spool and all seems OK there as >>> well as the path in >>> MailScanner.conf to both incoming and outgoing queues. I still think it is to do with the ownership of /var/spool/ MailScanner/incoming. Can the "Run As User" read all the directories down from / to /var/spool/MailScanner/incoming? It needs to be able to read them all or MailScanner won't be able to reach the dir. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.4 (Build 4042) iQEVAwUBQ+HKLPw32o+k+q+hAQFF0Qf/QEv5N9GuZjy/yU1Rlv9jAGqPnW7frZvQ rcG31v/PdMb0PAYhEsiRQzEylvH+caLEVGdY4leqSt39q06Zc8WCU9SVsmVQYfFB lKq+YGUqPn5rR7I4YBdubfHgHHQrJepWX62oK0zj3tWbcPf5MZyKkdJ2YqcKEj5E sfr2NL/2o+2ca7m34aAIYFi1VXdxf1oR6IiuEnz//CUd0mxYVHIWLsW2S3VmJH/f a2mED9nko9dh8U4m3JKau2/znfpXNEXE8P8+skTEW4LyPeH6dIy90Yzq+hN0eOh9 LhQ0hV5qrNUnP7IG3y/ohIJPr07gwd2tuhAewHrC6oKIev8zAjQF+A== =d/bO -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu Feb 2 09:02:35 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Feb 2 09:02:44 2006 Subject: Cannot install DBI with MS 4.50.14 In-Reply-To: <20060201220412.GA10311@gbcomputers.com> References: <20060201182512.GA30959@gbcomputers.com> <43E124E4.6070907@ecs.soton.ac.uk> <20060201220412.GA10311@gbcomputers.com> Message-ID: <6CA19CF5-E8DB-4855-BBC3-3DD2B3D8A136@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- What version of perl are you running? On 1 Feb 2006, at 22:04, Gregg Berkholtz wrote: > > ********************************************************************** > **** > Perl versions below 5.6.1 are no longer supported by the DBI. > Perl versions 5.6.x may fail during installation with a complaint > about the use of =head3 in the pod documentation. > Press return to continue... > ********************************************************************** > **** > > On Wed, Feb 01, 2006 at 09:15:16PM +0000, Julian Field wrote: >> Do >> >> perl -MCPAN -e shell >> install Storable >> quit >> >> Make sure it doesn't start upgrading your entire Perl installation, >> thump Ctrl-C like crazy if it does! >> >> Then try running the install.sh again. >> >> Gregg Berkholtz wrote: >>> It appears I cant install DBI as I'm getting the following error >>> after >>> running >>> MailScanner's install.sh on a Debian 3.0 system. Any assistance >>> is greatly >>> appreciated: >>> > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.4 (Build 4042) iQEVAwUBQ+HKrfw32o+k+q+hAQGPcggAuUuAKLAgEDWoELnUxfSCifBTt6SEuC7i ftDx2M3uUpIP6TvlM8UHd0QTUDwrUYfF5rHzD2WQiQ4+7GT3bHqLWfAufSVurs41 t4PDef68xPCY3iViWVkpCkEm26nz3WSsykVVOAQSrSy8+xDQy1uZPbhZ9K6QURMi eGUKdQcQ3MOIPW6ywR84ZQT8Oy9jZgSDbkWIj27X98y1MvpBtzajsNrjaKgwbHP2 gKX7CVZl0JEeVlMq25/POdeuhnmdKhGxEQQasGB++MmCaJBpsZxG8L/z+Q7kn6z8 LYf57Zg8n96iM6Mj0Oj/MEdZVelB/mRbERiQvIncPPwW6Ox3qjlpBg== =t9IK -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu Feb 2 09:05:45 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Feb 2 09:05:54 2006 Subject: MS Slow after update to 4.50.14 on suse In-Reply-To: <43E1382D.8010603@haigmail.com> References: <43E1382D.8010603@haigmail.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On 1 Feb 2006, at 22:37, Lance Haig wrote: > * PGP Signed by an unknown key: 02/01/06 at 22:37:33 > > I have a problem after upgrading. > > My MS is very slow processing mail. I have sent test text messages to > the system and they take between 28 to 31 seconds to process > > here is a snippet of the log Can anyone lead me in the right direction > to see why this is so low? I would suspect a SpamAssassin problem. Run MailScanner --debug --debug-sa and see if it pauses anywhere at all. > > Thanks > > Lance > > Feb 1 22:56:27 mailhost MailScanner[2384]: New Batch: Found 2 > messages > waiting > Feb 1 22:56:27 mailhost MailScanner[2384]: New Batch: Scanning 1 > messages, 2009 bytes > Feb 1 22:56:27 mailhost MailScanner[2384]: Spam Checks: Starting > Feb 1 22:56:54 mailhost MailScanner[2384]: Virus and Content > Scanning: > Starting > Feb 1 22:56:55 mailhost MailScanner[2384]: Uninfected: Delivered 1 > messages > Feb 1 22:56:55 mailhost MailScanner[2384]: Batch processed in > 27.65 seconds > Feb 1 22:56:55 mailhost MailScanner[2384]: Logging message > k11MuMV5003084 to SQL > Feb 1 22:56:55 mailhost MailScanner[2384]: "Always Looked Up Last" > took > 0.00 seconds > Feb 1 22:56:55 mailhost sendmail[3114]: k11MuMV5003084: > to=, delay=00:00:28, xdelay=00:00:00, > mailer=esmtp, pri=121508, relay=[194.143.190.32] [194.143.190.32], > dsn=2.0.0, stat=Sent (OK) > Feb 1 22:56:55 mailhost MailScanner[26335]: k11MuMV5003084: Logged to > MailWatch SQL > Feb 1 22:56:56 mailhost MailScanner[2292]: Virus and Content > Scanning: > Starting > Feb 1 22:56:58 mailhost MailScanner[2292]: Uninfected: Delivered 1 > messages > Feb 1 22:56:58 mailhost MailScanner[2292]: Batch processed in > 34.43 seconds > Feb 1 22:56:58 mailhost MailScanner[2292]: Logging message > k11MuM6S003085 to SQL > Feb 1 22:56:58 mailhost MailScanner[2292]: "Always Looked Up Last" > took > 0.00 seconds > Feb 1 22:56:58 mailhost MailScanner[26335]: k11MuM6S003085: Logged to > MailWatch SQL > Feb 1 22:56:59 mailhost sendmail[3122]: k11MuM6S003085: > to=, delay=00:00:37, xdelay=00:00:01, > mailer=esmtp, > pri=121504, relay=[194.143.190.32] [194.143.190.32], dsn=2.0.0, > stat=Sent (OK) > Feb 1 22:57:18 mailhost sendmail-in[3138]: k11MvIXH003138: > from=, size=4772, > class=-30, > nrcpts=1, msgid=<43E12E21.7080002@noacon.com>, proto=ESMTP, > daemon=MTA, > relay=bkserver.blacknight.ie [83.98.166.45] > Feb 1 22:57:18 mailhost sendmail-in[3138]: k11MvIXH003138: > to=, delay=00:00:00, mailer=esmtp, pri=88772, > stat=queued > Feb 1 22:57:19 mailhost MailScanner[993]: New Batch: Scanning 1 > messages, 5347 bytes > Feb 1 22:57:19 mailhost MailScanner[993]: Spam Checks: Starting > Feb 1 22:57:19 mailhost MailScanner[993]: Looked up unknown string > spam > in language translation file /etc/MailScanner/reports/en/ > languages.conf > Feb 1 22:57:19 mailhost MailScanner[993]: Looked up unknown string > notspam in language translation file > /etc/MailScanner/reports/en/languages.conf > Feb 1 22:57:19 mailhost MailScanner[993]: Whitelist refresh time > reached > Feb 1 22:57:19 mailhost MailScanner[993]: Starting up SQL Whitelist > Feb 1 22:57:19 mailhost MailScanner[993]: Read 8 whitelist entries > Feb 1 22:57:19 mailhost MailScanner[993]: Message k11MvIXH003138 from > 83.98.166.45 (mailscanner-bounces@lists.mailscanner.info) is > whitelisted > Feb 1 22:57:19 mailhost MailScanner[993]: Looked up unknown string > mailscanner in language translation file > /etc/MailScanner/reports/en/languages.conf > Feb 1 22:57:19 mailhost MailScanner[993]: Looked up unknown string > unreadablearchive in language translation file > /etc/MailScanner/reports/en/languages.conf > Feb 1 22:57:19 mailhost MailScanner[993]: Looked up unknown string > passwordedarchive in language translation file > /etc/MailScanner/reports/en/languages.conf > Feb 1 22:57:19 mailhost MailScanner[993]: Looked up unknown string > archivetoodeep in language translation file > /etc/MailScanner/reports/en/languages.conf > Feb 1 22:57:19 mailhost MailScanner[993]: Virus and Content Scanning: > Starting > Feb 1 22:57:20 mailhost MailScanner[993]: Looked up unknown string > mailscanner in language translation file > /etc/MailScanner/reports/en/languages.conf > Feb 1 22:57:20 mailhost MailScanner[993]: Uninfected: Delivered 1 > messages > Feb 1 22:57:20 mailhost MailScanner[993]: Batch processed in 1.31 > seconds > Feb 1 22:57:20 mailhost MailScanner[993]: Logging message > k11MvIXH003138 to SQL > Feb 1 22:57:20 mailhost MailScanner[993]: "Always Looked Up Last" > took > 0.00 seconds > Feb 1 22:57:20 mailhost MailScanner[26335]: k11MvIXH003138: Logged to > MailWatch SQL > Feb 1 22:57:20 mailhost sendmail[3147]: k11MvIXH003138: > to=, delay=00:00:02, xdelay=00:00:00, > mailer=esmtp, > pri=178772, relay=[194.143.190.32] [194.143.190.32], dsn=2.0.0, > stat=Sent (OK) > > * Unknown Key > * 0x8059EB58 (L) > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.4 (Build 4042) iQEVAwUBQ+HLbPw32o+k+q+hAQEAoAf/ROst8Ftq5KOWGrcoUdaJ+AhZDDkWs00n k28js+z49OO5pIieo7Z720+rPiAKur8MB11dY6fibvfQtTXqMNu0JHhoNuC8KMcm mGvivqwe6Isl+9hOR91qhLZb10Svc1A1pq7yxh3EgolEUT3NCajP8P5Hfaj4Njj2 JP6fSRVu+4H2y64XgpZT1yvtJ305nhkOKkwHzo9eJN7QoJvtAdnOda4HrFALjUAG 8akqfD4SKlpfwmau06iNJ+pDyyCBGsvJE+yoEOVGuMRgpAXDb7MHF2lxMPQaIpZ7 12p8aZfONpG1YhsiILUaMpki2BN8eZlhef2TkNlKQgr0RgjSChLywA== =epWc -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu Feb 2 09:09:24 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Feb 2 09:09:38 2006 Subject: mailscanner and perdomain white and blacklists In-Reply-To: <003f01c62787$c3f61370$0200a8c0@satellite> References: <003f01c62787$c3f61370$0200a8c0@satellite> Message-ID: <46930868-3367-42BE-91FD-75B47F99B677@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- On 1 Feb 2006, at 23:32, Dave wrote: > Hello, > I've got a mailscanner install with sendmail. It's working fine > and it's working for multiple users. Now i'm getting requests from > user a to add a username/domain to a blacklist file and user b to > add another username/domain to a whitelist file. These i'm thinking > should be separate as they are separate domains. This is on an fc4 > box. Is this doable, any help appreciated. > Thanks. > Dave. Blacklist or whitelist in what sense? You basically just need a couple of rulesets, one for your blacklist and one for your whitelist. There is already a spam.whitelist.rules which you can use as a sample from which to create and use a spam.blacklist.rules file. Look in MailScanner.conf for spam.whitelist.rules and you will see how to refer a setting to a rules file. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.4 (Build 4042) iQEVAwUBQ+HMSPw32o+k+q+hAQFcjgf/b7C67K+nPF2k5yRxvHN4rmRhxSQuV+Eo ALqzDcgMPMNSnHGBTC2S0C+XPgzx0Fa3RIMzw7vMIHDuL6O5Gme4C2Hco4B6+taX vKISOpZ3mWI0HVWPYfytXBZwCBYG0MJBrIXDOr5pH/+R2HRxfQ0UGRkt63nojNiH D668v55qOGNMjxGx0JR9qLJNQhxtFaGMBvmZ8D5j74B1H+UX/yhL15hXgvST1lyO rQgiX+Fmc4ZIFhgc6G362AC5iSIh2ebXrYnyo9mt2Jdzu2KTScZjR7A0xKiPWOf5 uVmaHMRFV8TVe+068DKrdpnT0l9BDGuwW1aFznE5vAk2hCL3rz6jTA== =2N0u -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu Feb 2 09:13:02 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Feb 2 09:13:24 2006 Subject: Password Protected PDFs In-Reply-To: <18BAD67B3136234285A06EB137C5CBD102F9ED28@exchange03.CBOCS.com> References: <18BAD67B3136234285A06EB137C5CBD102F9ED28@exchange03.CBOCS.com> Message-ID: <1078D40C-8439-4B96-BF88-83D34EFA1B6C@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- On 2 Feb 2006, at 02:18, Andrews Carl 448 wrote: > I am having a problem allowing password protected PDFs in from an > address to an address using a ruleset. The ruleset works great, if > I put the lines in the virus.scanning.rules file. I tried the Allow > Password-Protected Archives option, but PDFs are not achives and so > mailscanner, correctly, ignores that rule. The log file shows > "MailScanner [####]: Viruses marked as silent: Password protected > file .", so this is a virus setting but I can not find it. Could > someone tell me what option I need to point to my ruleset or do I > have to use the virus.scanning.rules? Take a look at the "Allowed Sophos Error Messages" setting. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.4 (Build 4042) iQEVAwUBQ+HNIPw32o+k+q+hAQFB9wgAsvcJ8EQv2Off/jIHK+2rvY/+PZl1VIfU aVgHWh0YE94jr5Fua+AZRer599JdOCI1Zh/Qr4T/L50LhqzVvpQVKzyc+lKMB7Dz Yl29XW2l2L69SJ5oBQlYw1jcnxlhK5adPaPJiGorRbGtna8RjZlx8LvvvHSkHTh3 V8A8qQ/10L2OPglyvLuQZfxxR72jxHM2e4TIYtZvXHTuJdiZaYIHTWMNrUr5TWCq VaNDmmkPlLpIJ0bM77KG7iW3RMmBdFKBW4qaB+JElQjD4KC0sgst1ge3UxWA7JE+ LXQvg+mflx2v0Kd6hfVs9Z4GjHcdWDNH2Q2qEt/12zIvHufdLPd3nw== =RL57 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From C.P.Mills at cranfield.ac.uk Thu Feb 2 09:22:17 2006 From: C.P.Mills at cranfield.ac.uk (Mills Mr C P) Date: Thu Feb 2 09:24:46 2006 Subject: Password protected files - not zips Message-ID: <8612FDC208266E419168366E1D2E3B797B0FD8@CranfieldMail.shrivenham.cranfield.ac.uk> Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3094 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060202/5b2cabc9/smime.bin From glenn.steen at gmail.com Thu Feb 2 09:37:00 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Feb 2 09:37:03 2006 Subject: SQLite and postfix... In-Reply-To: <6F3A6C09-CC53-435F-A432-8CAB51A0ACDD@ecs.soton.ac.uk> References: <223f97700602010923w68b73106l@mail.gmail.com> <223f97700602011216x753fafccx@mail.gmail.com> <43E126BC.3020108@ecs.soton.ac.uk> <223f97700602011346p327e1b06y@mail.gmail.com> <6F3A6C09-CC53-435F-A432-8CAB51A0ACDD@ecs.soton.ac.uk> Message-ID: <223f97700602020137x6e5d2be6i@mail.gmail.com> On 02/02/06, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > > On 1 Feb 2006, at 21:46, Glenn Steen wrote: > (snip) > > Come to think of it, I might have done a "MailScanner --lint" before > > upgrading the MailScanner.conf file... It complained about the > > spurious spam.assassin.prefs.conf line, IIRC... But it should still > > have switched into "postfix" user, right? Or did that prevent it from > > using it, then perform the spam cache query ... which then created the > > bum file? > > I'll try retrace my steps tomorrow and see what gives. > > You are exactly right. > I guess I should move the "change user" code a bit. > > 4.50.14-2 produces a proper error message in this situation now, it > doesn't just die. Good, both that it's found and that it's handled. Thank you. (I'm having yet another hectic day, so... really would have been hard pressed for time to try get you more info:-) Regarding moving the root cause, one could of course just "solve" it in documentation. But it's probably better to not have to resort to that:-). Again, thanks for your hard work! -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Thu Feb 2 09:44:19 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Feb 2 09:44:22 2006 Subject: Problems starting after upgrading to 4.50.14 In-Reply-To: References: <223f97700602011525t27264a64o@mail.gmail.com> Message-ID: <223f97700602020144r5f726c69u@mail.gmail.com> On 02/02/06, David Curtis wrote: > > > [root@sbschools dns]# ls -la /var/spool/MailScanner/incoming/ > total 8 > drwxrwxrwx 2 postfix postfix 4096 Feb 1 16:07 . > drwxr-xr-x 4 root root 4096 Oct 10 15:12 .. > > Thanks, > Dave > In a parallell thread, Julian mentioned something worth checking... The allowing perms on the target directory might be "masked" by directories higher up... So do the following: su - postfix --shell=/bin/bash touch /var/spool/MailScanner/incoming/test If this fails, then there we might have your problem... You'll have to check all the "intervening" directories from / on down to incoming, in that case. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From wmcdonald at gmail.com Thu Feb 2 09:53:08 2006 From: wmcdonald at gmail.com (Will McDonald) Date: Thu Feb 2 09:53:11 2006 Subject: sendmail greet_pause feature In-Reply-To: References: <5EBABD62DC5AC048AD8AEC3312E02D4CCD2F5F@exchange03.lkl.ltkalmar.se> <023301c62719$f6c921c0$0600a8c0@roger> <20060201161203.M49950@smi.com.pe> Message-ID: <1f8fae340602020153i1a1b061h@mail.gmail.com> On 01/02/06, Julian Field wrote: > On Linux, sendmail 8.13 and upwards needs posix, anything before 8.13 > needs flock. Is locking autodetecting, if you see what I mean? In the MailScanner.conf it says... # How to lock spool files. # Don't set this unless you *know* you need to. # For sendmail, it defaults to "flock". # For sendmail 8.13 onwards, you will probably need to change it to posix. # For Exim, it defaults to "posix". # No other type is implemented. Lock Type = Does MailScanner *know* I'm running 8.13 or should I force posix locking? Will. From MailScanner at ecs.soton.ac.uk Thu Feb 2 09:58:57 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Feb 2 09:59:07 2006 Subject: SQLite and postfix... In-Reply-To: <223f97700602020137x6e5d2be6i@mail.gmail.com> References: <223f97700602010923w68b73106l@mail.gmail.com> <223f97700602011216x753fafccx@mail.gmail.com> <43E126BC.3020108@ecs.soton.ac.uk> <223f97700602011346p327e1b06y@mail.gmail.com> <6F3A6C09-CC53-435F-A432-8CAB51A0ACDD@ecs.soton.ac.uk> <223f97700602020137x6e5d2be6i@mail.gmail.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On 2 Feb 2006, at 09:37, Glenn Steen wrote: > On 02/02/06, Julian Field wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> >> >> On 1 Feb 2006, at 21:46, Glenn Steen wrote: >> > (snip) >>> Come to think of it, I might have done a "MailScanner --lint" before >>> upgrading the MailScanner.conf file... It complained about the >>> spurious spam.assassin.prefs.conf line, IIRC... But it should still >>> have switched into "postfix" user, right? Or did that prevent it >>> from >>> using it, then perform the spam cache query ... which then >>> created the >>> bum file? >>> I'll try retrace my steps tomorrow and see what gives. >> >> You are exactly right. >> I guess I should move the "change user" code a bit. >> >> 4.50.14-2 produces a proper error message in this situation now, it >> doesn't just die. > Good, both that it's found and that it's handled. Thank you. (I'm > having yet another hectic day, so... really would have been hard > pressed for time to try get you more info:-) > > Regarding moving the root cause, one could of course just "solve" it > in documentation. But it's probably better to not have to resort to > that:-). 4.50.15 handles it better, if you are running "--lint" it changes user to "postfix" before trying to use the SpamAssassin cache db. So now you shouldn't get any permissions problems. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.4 (Build 4042) iQEVAwUBQ+HX4/w32o+k+q+hAQE7BQgAlA9+x2ajMCE9g+fjLW3S5s74ldbzUOZa sKtc1dDvqWqQfyp8GvAo63wvg7PmgNkvmi9dN17HPqgSJcJYDf5kzdcYf8YcOwAN T3Slb+MziC+7ozhVRyXqShxFrDOj1sVaBdCSOMNzuLZnuDYL3HyeLWo7GLTOc1JX 0/y4ZEeYUVIgTgKjB4Kp/mAeQUhv9xyjzrt4KFOVCP68sFjmkL09utLrR6+XAtNp H53bda3Z0Cya4zfhrnfs0pfJABuQf3uVTkkl4sR6kEqCiywxXoUI9IhGUY+wvFSE bjCpQHo6kbpY5feQorrdUvh2cq6C/KPihKS/DO1vvaEUhDhgZHTczw== =1n+G -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu Feb 2 10:00:01 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Feb 2 10:00:11 2006 Subject: Problems starting after upgrading to 4.50.14 In-Reply-To: <223f97700602020144r5f726c69u@mail.gmail.com> References: <223f97700602011525t27264a64o@mail.gmail.com> <223f97700602020144r5f726c69u@mail.gmail.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On 2 Feb 2006, at 09:44, Glenn Steen wrote: > On 02/02/06, David Curtis wrote: >> >> >> [root@sbschools dns]# ls -la /var/spool/MailScanner/incoming/ >> total 8 >> drwxrwxrwx 2 postfix postfix 4096 Feb 1 16:07 . >> drwxr-xr-x 4 root root 4096 Oct 10 15:12 .. >> >> Thanks, >> Dave >> > In a parallell thread, Julian mentioned something worth checking... > The allowing perms on the target directory might be "masked" by > directories higher up... So do the following: > su - postfix --shell=/bin/bash > touch /var/spool/MailScanner/incoming/test > If this fails, then there we might have your problem... You'll have to > check all the "intervening" directories from / on down to incoming, in > that case. The error handling for this situation is a lot better in 4.50.15. If you are having trouble with .14 (and only if you are having trouble) it would be worth upgrading to .15. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.4 (Build 4042) iQEVAwUBQ+HYI/w32o+k+q+hAQGrpAf/YJ7sgWFFGPrRkIGi7czOHSptIqgnmUX0 s487wiR7toGouAOSAIVEFO8vHXLeMgffYBZIwuGS3IHv7QR3aB+Gfn+aey4TxMOe uRZj5A9mZJN8WmCx1+Q1NshKOGGzi2Dzinuqwj1NEfqZqMvcURWttvmiFiTzS0cF L1eGFk/DxV6IoeU1g5/K+LhCHRDObTNRsmCgo+R3qqQf9SU6k1QxpkHyu3NyhZl1 eonX2rL0Ja1ni60D5caHhUk0o6qWPNIwDAZoem1dqVT43NLKJ2ij5A5JYpzpXP58 bPC8/Cfc0u59gnMo5CfleV8POPAlFnpIl3Ct0yIPXWn8weESdmupJw== =Eris -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From joost at waversveld.nl Thu Feb 2 10:02:16 2006 From: joost at waversveld.nl (Joost Waversveld) Date: Thu Feb 2 10:00:49 2006 Subject: sendmail greet_pause feature In-Reply-To: <1f8fae340602020153i1a1b061h@mail.gmail.com> References: <5EBABD62DC5AC048AD8AEC3312E02D4CCD2F5F@exchange03.lkl.ltkalmar.se> <023301c62719$f6c921c0$0600a8c0@roger> <20060201161203.M49950@smi.com.pe> <1f8fae340602020153i1a1b061h@mail.gmail.com> Message-ID: <20060202110216.wtklxpib4scwssco@webmail.waversveld.nl> You must force posix locking... The standard will be flock locking. I thought Julian is thinking about changing the standard to posix, but at the moment the standard is still "flock" So it must be "Lock Type = posix" for you... ;) Joost Waversveld ----- Message from wmcdonald@gmail.com --------- Date: Thu, 2 Feb 2006 09:53:08 +0000 From: Will McDonald Reply-To: MailScanner discussion Subject: Re: sendmail greet_pause feature To: MailScanner discussion > On 01/02/06, Julian Field wrote: > >> On Linux, sendmail 8.13 and upwards needs posix, anything before 8.13 >> needs flock. > > Is locking autodetecting, if you see what I mean? In the > MailScanner.conf it says... > > # How to lock spool files. > # Don't set this unless you *know* you need to. > # For sendmail, it defaults to "flock". > # For sendmail 8.13 onwards, you will probably need to change it to posix. > # For Exim, it defaults to "posix". > # No other type is implemented. > Lock Type = > > Does MailScanner *know* I'm running 8.13 or should I force posix locking? > > Will. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > ----- End message from wmcdonald@gmail.com ----- From a.peacock at chime.ucl.ac.uk Thu Feb 2 10:32:50 2006 From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Thu Feb 2 10:33:00 2006 Subject: sendmail greet_pause feature In-Reply-To: <20060202110216.wtklxpib4scwssco@webmail.waversveld.nl> References: <5EBABD62DC5AC048AD8AEC3312E02D4CCD2F5F@exchange03.lkl.ltkalmar.se> <023301c62719$f6c921c0$0600a8c0@roger> <20060201161203.M49950@smi.com.pe> <1f8fae340602020153i1a1b061h@mail.gmail.com> <20060202110216.wtklxpib4scwssco@webmail.waversveld.nl> Message-ID: <43E1DFD2.20708@chime.ucl.ac.uk> Hi, Joost Waversveld wrote: > You must force posix locking... The standard will be flock locking. I > thought Julian is thinking about changing the standard to posix, but at > the moment the standard is still "flock" > > So it must be "Lock Type = posix" for you... ;) Is this true for all OSs? I am using Sendmail 8.13 and the default locking on Solaris and I am not having any problems at all. I always thought the advice was only change this if you are having problems. I also recall that the requirement for posix locking is dependent on the OS. Grateful for any correction. > > Joost Waversveld > > ----- Message from wmcdonald@gmail.com --------- > Date: Thu, 2 Feb 2006 09:53:08 +0000 > From: Will McDonald > Reply-To: MailScanner discussion > Subject: Re: sendmail greet_pause feature > To: MailScanner discussion > > >> On 01/02/06, Julian Field wrote: >> >>> On Linux, sendmail 8.13 and upwards needs posix, anything before 8.13 >>> needs flock. >> >> Is locking autodetecting, if you see what I mean? In the >> MailScanner.conf it says... >> >> # How to lock spool files. >> # Don't set this unless you *know* you need to. >> # For sendmail, it defaults to "flock". >> # For sendmail 8.13 onwards, you will probably need to change it to >> posix. >> # For Exim, it defaults to "posix". >> # No other type is implemented. >> Lock Type = >> >> Does MailScanner *know* I'm running 8.13 or should I force posix locking? >> >> Will. >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > > > ----- End message from wmcdonald@gmail.com ----- > > -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "The most exciting phrase to hear in science, the one that heralds new discoveries, is not 'Eureka!' but 'That's funny....'" -- Isaac Asimov From brian.okeeffe at kepak.com Thu Feb 2 11:57:17 2006 From: brian.okeeffe at kepak.com (Brian O'Keeffe) Date: Thu Feb 2 11:57:30 2006 Subject: sendmail greet_pause feature In-Reply-To: Message-ID: Thanks, for that, I implemented it yesterday and am noticing a difference, could anybody recommend a package for log monitoring so I can compare before and after implementation traffic? I'm using sendmail and MailScanner on debian woody. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jim Holland Sent: 01 February 2006 08:12 To: MailScanner mailing list Subject: OT: sendmail greet_pause feature Perhaps other sendmail users know all about this, but I have only looked at it for the first time. I run sendmail 8.13.1 and have decided to implement the greet_pause feature for the first time (after seeing that it is a default option in Debian installations). This requires a specified delay after connection, which can be network specific, before a client system is allowed to send any SMTP commands. Any client that breaks normal SMTP protocols by trying to force commands before receiving the go-ahead is immediately disconnected. This seems to distinguish very successfully between genuine mailers and spammers/viruses that are not RFC-compliant. Using a 5 second delay I have found that the system has blocked over 3200 connections in the first 24 hours I used it. The client systems were all typical of spammers, with adsl/ppp/dhcp/dialup/cable/cpe type hostnames or no PTR record at all. I found only four systems in the blocked group that looked as if they were genuine. On further investigation I found that earlier log records for some of those sites indicated behaviour typical of virus infections in any case. To implement the feature: Add the following to the sendmail.mc file: FEATURE(`greet_pause', `5000')dnl 5 seconds Rebuild sendmail and restart MailScanner: m4 < sendmail.mc > sendmail.cf service MailScanner restart Then specific entries for client hostname, domain, IP address or subnet can be put in the access file: GreetPause:my.domain 0 GreetPause:example.com 5000 GreetPause:10.1.2 2000 GreetPause:127.0.0.1 0 Definitely worth a look I would say, as it blocks large numbers of spammers before they are allowed to send any data, with very low risk of blocking genuine systems. It even seems to allow genuine mail from infected systems to be accepted while blocking viruses from those same systems before the DATA phase - as many viruses seem to behave rather impolitely :-) Regards Jim Holland System Administrator MANGO - Zimbabwe's non-profit e-mail service -- MailScanner mailing list MailScanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.1.375 / Virus Database: 267.14.25/246 - Release Date: 30/01/2006 -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.375 / Virus Database: 267.14.25/246 - Release Date: 30/01/2006 From padma at eis.iisc.ernet.in Thu Feb 2 11:53:11 2006 From: padma at eis.iisc.ernet.in (padma@eis.iisc.ernet.in) Date: Thu Feb 2 12:03:49 2006 Subject: Is there a way to bypass mailscanner for local users on the server itself? Message-ID: Not Virus scanning, but I would like to bypass mailscanner itself for local users. Regards Padma ERNET Helpdesk From MailScanner at ecs.soton.ac.uk Thu Feb 2 12:15:10 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Feb 2 12:15:19 2006 Subject: Is there a way to bypass mailscanner for local users on the server itself? In-Reply-To: References: Message-ID: <190F0BCB-7BF5-47A5-B56A-581AFACE58D8@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Read about rulesets, it is very easy to do this. See wiki.mailscanner.info/posting and it will point you towards the documentation. On 2 Feb 2006, at 11:53, padma@eis.iisc.ernet.in wrote: > > Not Virus scanning, but I would like to bypass mailscanner itself > for local users. > > > > Regards > Padma > ERNET Helpdesk > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.4 (Build 4042) iQEVAwUBQ+H30Pw32o+k+q+hAQEoxggAgteM23PrB/N8DMSFcuM9+oYVoJaIOHwA kGu0aYQzXRBNSgmqmiglV3h5JcaQP6MCtjXMdnx3uDxfil/0qGqChMFA/tbQVWDk 9UGRNY1w2cXJ+jjMRDH16SJcaxbsakJfw6ibfT6fNDbsZuepKJdyfuc8II9TpDXS 9lnLxzxt5zhsWWDwZleZBrlL/ZNG+4+e0+jBvB/9fYmwK6xhE33rX2GN+iqNF7o5 1UXccfzIwjU7Q4E8nUurxWIJWtahHNmVgsvKOLZF6rXg26dbML4Pqrt0kukp2ibo VLs0uqWHzMuKLAwbCBe/8+8MvylZcV3WxLd6Grh5mtO3FurQGw3yBg== =oB3l -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From jaearick at colby.edu Thu Feb 2 12:16:48 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Thu Feb 2 12:16:53 2006 Subject: Is there a way to bypass mailscanner for local users on the server itself? In-Reply-To: References: Message-ID: Do you mean bypass spam filtering? then define a ruleset for Is Definitely Not Spam = %rules-dir%/spam.whitelist.rules Where this ruleset has something like: From: 137.146. yes From: 127.0.0.1 yes FromOrTo: default no 137.146. is my netblock. I actually have this commented out; the only IP I whitelist is loopback. Jeff Earickson Colby College On Thu, 2 Feb 2006, padma@eis.iisc.ernet.in wrote: > Date: Thu, 2 Feb 2006 17:23:11 +0530 (IST) > From: padma@eis.iisc.ernet.in > Reply-To: MailScanner discussion > To: MailScanner discussion > Subject: Is there a way to bypass mailscanner for local users on the server > itself? > > > Not Virus scanning, but I would like to bypass mailscanner itself for local > users. > > > > Regards > Padma > ERNET Helpdesk > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From dhawal at netmagicsolutions.com Thu Feb 2 12:18:36 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Thu Feb 2 12:18:27 2006 Subject: Is there a way to bypass mailscanner for local users on the server itself? In-Reply-To: References: Message-ID: <43E1F89C.500@netmagicsolutions.com> padma@eis.iisc.ernet.in wrote: > > Not Virus scanning, but I would like to bypass mailscanner itself for > local users. > > Regards > Padma > ERNET Helpdesk Use a ruleset for this option "Scan Messages" in MailScanner.conf, this was introduced in MailScanner versions > 4.44.x - dhawal From martinh at solid-state-logic.com Thu Feb 2 12:20:41 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Thu Feb 2 12:21:08 2006 Subject: Is there a way to bypass mailscanner for local users on the server itself? In-Reply-To: Message-ID: <00d801c627f3$174175e0$3004010a@martinhlaptop> Padma In MailScanner.conf theres a setting "Scan Messages" which can be used to call a ruleset which can not scan for certain email addresses. There's a nice example just above this setting on how to do this. HOWEVER you might find that for emails with multiple recipients you might get unintuitve behaviour and you may need to split the emails up into single recipients. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of padma@eis.iisc.ernet.in > Sent: 02 February 2006 11:53 > To: MailScanner discussion > Subject: Is there a way to bypass mailscanner for local users on the > server itself? > > > Not Virus scanning, but I would like to bypass mailscanner itself for > local users. > > > > Regards > Padma > ERNET Helpdesk > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From padma at eis.iisc.ernet.in Thu Feb 2 12:26:12 2006 From: padma at eis.iisc.ernet.in (padma@eis.iisc.ernet.in) Date: Thu Feb 2 12:36:46 2006 Subject: Is there a way to bypass mailscanner for local users on the server itself? In-Reply-To: <00d801c627f3$174175e0$3004010a@martinhlaptop> References: <00d801c627f3$174175e0$3004010a@martinhlaptop> Message-ID: Hello All, The version of Mailscanner i have installed is 4.40. Is the following option not available with 4.40?? Regards Padma On Thu, 2 Feb 2006, Martin Hepworth wrote: > Padma > > In MailScanner.conf theres a setting "Scan Messages" which can be used to > call a ruleset which can not scan for certain email addresses. There's a > nice example just above this setting on how to do this. > > HOWEVER you might find that for emails with multiple recipients you might > get unintuitve behaviour and you may need to split the emails up into single > recipients. > > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of padma@eis.iisc.ernet.in >> Sent: 02 February 2006 11:53 >> To: MailScanner discussion >> Subject: Is there a way to bypass mailscanner for local users on the >> server itself? >> >> >> Not Virus scanning, but I would like to bypass mailscanner itself for >> local users. >> >> >> >> Regards >> Padma >> ERNET Helpdesk >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > From martinh at solid-state-logic.com Thu Feb 2 13:05:25 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Thu Feb 2 13:05:45 2006 Subject: Is there a way to bypass mailscanner for local users on the server itself? In-Reply-To: Message-ID: <00e001c627f9$57470550$3004010a@martinhlaptop> Padma Unfortunately not, this option first appeared in 4.44 Good excuse to update to 4.50 mind, there's a new goodies there and it runs a lot lot faster. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of padma@eis.iisc.ernet.in > Sent: 02 February 2006 12:26 > To: MailScanner discussion > Subject: RE: Is there a way to bypass mailscanner for local users on the > server itself? > > > Hello All, > > The version of Mailscanner i have installed is 4.40. Is the following > option not available with 4.40?? > > Regards > Padma > > > > On Thu, 2 Feb 2006, Martin Hepworth wrote: > > > Padma > > > > In MailScanner.conf theres a setting "Scan Messages" which can be used > to > > call a ruleset which can not scan for certain email addresses. There's a > > nice example just above this setting on how to do this. > > > > HOWEVER you might find that for emails with multiple recipients you > might > > get unintuitve behaviour and you may need to split the emails up into > single > > recipients. > > > > > > -- > > Martin Hepworth > > Snr Systems Administrator > > Solid State Logic > > Tel: +44 (0)1865 842300 > > > >> -----Original Message----- > >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > >> bounces@lists.mailscanner.info] On Behalf Of padma@eis.iisc.ernet.in > >> Sent: 02 February 2006 11:53 > >> To: MailScanner discussion > >> Subject: Is there a way to bypass mailscanner for local users on the > >> server itself? > >> > >> > >> Not Virus scanning, but I would like to bypass mailscanner itself for > >> local users. > >> > >> > >> > >> Regards > >> Padma > >> ERNET Helpdesk > >> -- > >> MailScanner mailing list > >> mailscanner@lists.mailscanner.info > >> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> > >> Before posting, read http://wiki.mailscanner.info/posting > >> > >> Support MailScanner development - buy the book off the website! > > > > > > ********************************************************************** > > > > This email and any files transmitted with it are confidential and > > intended solely for the use of the individual or entity to whom they > > are addressed. If you have received this email in error please notify > > the system manager. > > > > This footnote confirms that this email message has been swept > > for the presence of computer viruses and is believed to be clean. > > > > ********************************************************************** > > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From jaearick at colby.edu Thu Feb 2 13:05:58 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Thu Feb 2 13:06:05 2006 Subject: sendmail greet_pause feature In-Reply-To: <43E1DFD2.20708@chime.ucl.ac.uk> References: <5EBABD62DC5AC048AD8AEC3312E02D4CCD2F5F@exchange03.lkl.ltkalmar.se> <023301c62719$f6c921c0$0600a8c0@roger> <20060201161203.M49950@smi.com.pe> <1f8fae340602020153i1a1b061h@mail.gmail.com> <20060202110216.wtklxpib4scwssco@webmail.waversveld.nl> <43E1DFD2.20708@chime.ucl.ac.uk> Message-ID: Same here. running Solaris 9 with sendmail 8.13.5. I've never touched the Lock Type setting. Jeff Earickson Colby College On Thu, 2 Feb 2006, Anthony Peacock wrote: > Date: Thu, 02 Feb 2006 10:32:50 +0000 > From: Anthony Peacock > Reply-To: MailScanner discussion > To: MailScanner discussion > Subject: Re: sendmail greet_pause feature > > Hi, > > Joost Waversveld wrote: >> You must force posix locking... The standard will be flock locking. I >> thought Julian is thinking about changing the standard to posix, but at the >> moment the standard is still "flock" >> >> So it must be "Lock Type = posix" for you... ;) > > Is this true for all OSs? > > I am using Sendmail 8.13 and the default locking on Solaris and I am not > having any problems at all. I always thought the advice was only change this > if you are having problems. I also recall that the requirement for posix > locking is dependent on the OS. > > Grateful for any correction. > > >> >> Joost Waversveld >> >> ----- Message from wmcdonald@gmail.com --------- >> Date: Thu, 2 Feb 2006 09:53:08 +0000 >> From: Will McDonald >> Reply-To: MailScanner discussion >> Subject: Re: sendmail greet_pause feature >> To: MailScanner discussion >> >> >>> On 01/02/06, Julian Field wrote: >>> >>>> On Linux, sendmail 8.13 and upwards needs posix, anything before 8.13 >>>> needs flock. >>> >>> Is locking autodetecting, if you see what I mean? In the >>> MailScanner.conf it says... >>> >>> # How to lock spool files. >>> # Don't set this unless you *know* you need to. >>> # For sendmail, it defaults to "flock". >>> # For sendmail 8.13 onwards, you will probably need to change it to posix. >>> # For Exim, it defaults to "posix". >>> # No other type is implemented. >>> Lock Type = >>> >>> Does MailScanner *know* I'm running 8.13 or should I force posix locking? >>> >>> Will. >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >> >> >> ----- End message from wmcdonald@gmail.com ----- >> >> > > > -- > Anthony Peacock > CHIME, Royal Free & University College Medical School > WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ > "The most exciting phrase to hear in science, the one that heralds new > discoveries, is not 'Eureka!' but 'That's funny....'" -- Isaac Asimov > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From joost at waversveld.nl Thu Feb 2 13:19:29 2006 From: joost at waversveld.nl (Joost Waversveld) Date: Thu Feb 2 13:18:02 2006 Subject: sendmail greet_pause feature In-Reply-To: References: <5EBABD62DC5AC048AD8AEC3312E02D4CCD2F5F@exchange03.lkl.ltkalmar.se> <023301c62719$f6c921c0$0600a8c0@roger> <20060201161203.M49950@smi.com.pe> <1f8fae340602020153i1a1b061h@mail.gmail.com> <20060202110216.wtklxpib4scwssco@webmail.waversveld.nl> <43E1DFD2.20708@chime.ucl.ac.uk> Message-ID: <20060202141929.by6t7fas74wo0woc@webmail.waversveld.nl> I really do not know if this is for all the OS's. I do know that it is true for Redhat, CentOS, etc. ----- Message from jaearick@colby.edu --------- Date: Thu, 2 Feb 2006 08:05:58 -0500 (EST) From: "Jeff A. Earickson" Reply-To: MailScanner discussion Subject: Re: sendmail greet_pause feature To: MailScanner discussion > Same here. running Solaris 9 with sendmail 8.13.5. I've never > touched the Lock Type setting. > > Jeff Earickson > Colby College > > On Thu, 2 Feb 2006, Anthony Peacock wrote: > >> Date: Thu, 02 Feb 2006 10:32:50 +0000 >> From: Anthony Peacock >> Reply-To: MailScanner discussion >> To: MailScanner discussion >> Subject: Re: sendmail greet_pause feature >> >> Hi, >> >> Joost Waversveld wrote: >>> You must force posix locking... The standard will be flock locking. >>> I thought Julian is thinking about changing the standard to posix, >>> but at the moment the standard is still "flock" >>> >>> So it must be "Lock Type = posix" for you... ;) >> >> Is this true for all OSs? >> >> I am using Sendmail 8.13 and the default locking on Solaris and I am >> not having any problems at all. I always thought the advice was >> only change this if you are having problems. I also recall that the >> requirement for posix locking is dependent on the OS. >> >> Grateful for any correction. >> >> >>> >>> Joost Waversveld >>> >>> ----- Message from wmcdonald@gmail.com --------- >>> Date: Thu, 2 Feb 2006 09:53:08 +0000 >>> From: Will McDonald >>> Reply-To: MailScanner discussion >>> Subject: Re: sendmail greet_pause feature >>> To: MailScanner discussion >>> >>> >>>> On 01/02/06, Julian Field wrote: >>>> >>>>> On Linux, sendmail 8.13 and upwards needs posix, anything before 8.13 >>>>> needs flock. >>>> >>>> Is locking autodetecting, if you see what I mean? In the >>>> MailScanner.conf it says... >>>> >>>> # How to lock spool files. >>>> # Don't set this unless you *know* you need to. >>>> # For sendmail, it defaults to "flock". >>>> # For sendmail 8.13 onwards, you will probably need to change it to posix. >>>> # For Exim, it defaults to "posix". >>>> # No other type is implemented. >>>> Lock Type = >>>> >>>> Does MailScanner *know* I'm running 8.13 or should I force posix locking? >>>> >>>> Will. >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>> >>> >>> ----- End message from wmcdonald@gmail.com ----- >>> >>> >> >> >> -- >> Anthony Peacock >> CHIME, Royal Free & University College Medical School >> WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ >> "The most exciting phrase to hear in science, the one that heralds >> new discoveries, is not 'Eureka!' but 'That's funny....'" -- Isaac >> Asimov >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > ----- End message from jaearick@colby.edu ----- From dcurtisathome at hotmail.com Thu Feb 2 13:24:42 2006 From: dcurtisathome at hotmail.com (David Curtis) Date: Thu Feb 2 13:24:46 2006 Subject: Problems starting after upgrading to 4.50.14 References: <223f97700602011525t27264a64o@mail.gmail.com><223f97700602020144r5f726c69u@mail.gmail.com> Message-ID: I could not figure any way around the error so I uninstalled and re-installed MailScanner-4.49.7-1. I will try a newer release after hours next time. This was the first upgrade I had problems with. I went ahead with the upgrade after reading Glenn's fix for the problem but my problem must have been different because there was no file to delete. Thanks, Dave ----- Original Message ----- From: "Julian Field" To: "MailScanner discussion" Sent: Thursday, February 02, 2006 5:00 AM Subject: Re: Problems starting after upgrading to 4.50.14 > -----BEGIN PGP SIGNED MESSAGE----- > > > On 2 Feb 2006, at 09:44, Glenn Steen wrote: > >> On 02/02/06, David Curtis wrote: >>> >>> >>> [root@sbschools dns]# ls -la /var/spool/MailScanner/incoming/ >>> total 8 >>> drwxrwxrwx 2 postfix postfix 4096 Feb 1 16:07 . >>> drwxr-xr-x 4 root root 4096 Oct 10 15:12 .. >>> >>> Thanks, >>> Dave >>> >> In a parallell thread, Julian mentioned something worth checking... >> The allowing perms on the target directory might be "masked" by >> directories higher up... So do the following: >> su - postfix --shell=/bin/bash >> touch /var/spool/MailScanner/incoming/test >> If this fails, then there we might have your problem... You'll have to >> check all the "intervening" directories from / on down to incoming, in >> that case. > > The error handling for this situation is a lot better in 4.50.15. If > you are having trouble with .14 (and only if you are having trouble) > it would be worth upgrading to .15. > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.4 (Build 4042) > > iQEVAwUBQ+HYI/w32o+k+q+hAQGrpAf/YJ7sgWFFGPrRkIGi7czOHSptIqgnmUX0 > s487wiR7toGouAOSAIVEFO8vHXLeMgffYBZIwuGS3IHv7QR3aB+Gfn+aey4TxMOe > uRZj5A9mZJN8WmCx1+Q1NshKOGGzi2Dzinuqwj1NEfqZqMvcURWttvmiFiTzS0cF > L1eGFk/DxV6IoeU1g5/K+LhCHRDObTNRsmCgo+R3qqQf9SU6k1QxpkHyu3NyhZl1 > eonX2rL0Ja1ni60D5caHhUk0o6qWPNIwDAZoem1dqVT43NLKJ2ij5A5JYpzpXP58 > bPC8/Cfc0u59gnMo5CfleV8POPAlFnpIl3Ct0yIPXWn8weESdmupJw== > =Eris > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From padma at eis.iisc.ernet.in Thu Feb 2 13:20:51 2006 From: padma at eis.iisc.ernet.in (padma@eis.iisc.ernet.in) Date: Thu Feb 2 13:31:26 2006 Subject: Is there a way to bypass mailscanner for local users on the server itself? In-Reply-To: <00e001c627f9$57470550$3004010a@martinhlaptop> References: <00e001c627f9$57470550$3004010a@martinhlaptop> Message-ID: Thanks for the help! I will upgrade Mailscanner, that's much better Padma On Thu, 2 Feb 2006, Martin Hepworth wrote: > Padma > > Unfortunately not, this option first appeared in 4.44 > > Good excuse to update to 4.50 mind, there's a new goodies there and it runs > a lot lot faster. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of padma@eis.iisc.ernet.in >> Sent: 02 February 2006 12:26 >> To: MailScanner discussion >> Subject: RE: Is there a way to bypass mailscanner for local users on the >> server itself? >> >> >> Hello All, >> >> The version of Mailscanner i have installed is 4.40. Is the following >> option not available with 4.40?? >> >> Regards >> Padma >> >> >> >> On Thu, 2 Feb 2006, Martin Hepworth wrote: >> >>> Padma >>> >>> In MailScanner.conf theres a setting "Scan Messages" which can be used >> to >>> call a ruleset which can not scan for certain email addresses. There's a >>> nice example just above this setting on how to do this. >>> >>> HOWEVER you might find that for emails with multiple recipients you >> might >>> get unintuitve behaviour and you may need to split the emails up into >> single >>> recipients. >>> >>> >>> -- >>> Martin Hepworth >>> Snr Systems Administrator >>> Solid State Logic >>> Tel: +44 (0)1865 842300 >>> >>>> -----Original Message----- >>>> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >>>> bounces@lists.mailscanner.info] On Behalf Of padma@eis.iisc.ernet.in >>>> Sent: 02 February 2006 11:53 >>>> To: MailScanner discussion >>>> Subject: Is there a way to bypass mailscanner for local users on the >>>> server itself? >>>> >>>> >>>> Not Virus scanning, but I would like to bypass mailscanner itself for >>>> local users. >>>> >>>> >>>> >>>> Regards >>>> Padma >>>> ERNET Helpdesk >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>> >>> >>> ********************************************************************** >>> >>> This email and any files transmitted with it are confidential and >>> intended solely for the use of the individual or entity to whom they >>> are addressed. If you have received this email in error please notify >>> the system manager. >>> >>> This footnote confirms that this email message has been swept >>> for the presence of computer viruses and is believed to be clean. >>> >>> ********************************************************************** >>> >>> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > -- Regards Padma ERNET Helpdesk From a.peacock at chime.ucl.ac.uk Thu Feb 2 13:32:04 2006 From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Thu Feb 2 13:32:11 2006 Subject: sendmail greet_pause feature In-Reply-To: <20060202141929.by6t7fas74wo0woc@webmail.waversveld.nl> References: <5EBABD62DC5AC048AD8AEC3312E02D4CCD2F5F@exchange03.lkl.ltkalmar.se> <023301c62719$f6c921c0$0600a8c0@roger> <20060201161203.M49950@smi.com.pe> <1f8fae340602020153i1a1b061h@mail.gmail.com> <20060202110216.wtklxpib4scwssco@webmail.waversveld.nl> <43E1DFD2.20708@chime.ucl.ac.uk> <20060202141929.by6t7fas74wo0woc@webmail.waversveld.nl> Message-ID: <43E209D4.8050902@chime.ucl.ac.uk> Hi Joost, My comments were more directed to the list in general. Julian was very clear in his email earlier that on _Linux_ the lock type needs to change to Posix for Sendmail 8.13 and above. I just get twitchy when statements are made that don't recognise that the OS is an important component in this setting. First, it makes me doubt my configuration. Secondly, it might give the wrong impression to admins of OSs other than Linux. Changing the default would have implications for me. If I didn't spot that it had changed I may start to see problems after an upgrade, with a system that runs fine at the moment. Joost Waversveld wrote: > I really do not know if this is for all the OS's. I do know that it is > true for Redhat, CentOS, etc. > > ----- Message from jaearick@colby.edu --------- > Date: Thu, 2 Feb 2006 08:05:58 -0500 (EST) > From: "Jeff A. Earickson" > Reply-To: MailScanner discussion > Subject: Re: sendmail greet_pause feature > To: MailScanner discussion > > >> Same here. running Solaris 9 with sendmail 8.13.5. I've never >> touched the Lock Type setting. >> >> Jeff Earickson >> Colby College >> >> On Thu, 2 Feb 2006, Anthony Peacock wrote: >> >>> Date: Thu, 02 Feb 2006 10:32:50 +0000 >>> From: Anthony Peacock >>> Reply-To: MailScanner discussion >>> To: MailScanner discussion >>> Subject: Re: sendmail greet_pause feature >>> >>> Hi, >>> >>> Joost Waversveld wrote: >>>> You must force posix locking... The standard will be flock locking. >>>> I thought Julian is thinking about changing the standard to posix, >>>> but at the moment the standard is still "flock" >>>> >>>> So it must be "Lock Type = posix" for you... ;) >>> >>> Is this true for all OSs? >>> >>> I am using Sendmail 8.13 and the default locking on Solaris and I am >>> not having any problems at all. I always thought the advice was only >>> change this if you are having problems. I also recall that the >>> requirement for posix locking is dependent on the OS. >>> >>> Grateful for any correction. >>> >>> >>>> >>>> Joost Waversveld >>>> >>>> ----- Message from wmcdonald@gmail.com --------- >>>> Date: Thu, 2 Feb 2006 09:53:08 +0000 >>>> From: Will McDonald >>>> Reply-To: MailScanner discussion >>>> Subject: Re: sendmail greet_pause feature >>>> To: MailScanner discussion >>>> >>>> >>>>> On 01/02/06, Julian Field wrote: >>>>> >>>>>> On Linux, sendmail 8.13 and upwards needs posix, anything before 8.13 >>>>>> needs flock. >>>>> >>>>> Is locking autodetecting, if you see what I mean? In the >>>>> MailScanner.conf it says... >>>>> >>>>> # How to lock spool files. >>>>> # Don't set this unless you *know* you need to. >>>>> # For sendmail, it defaults to "flock". >>>>> # For sendmail 8.13 onwards, you will probably need to change it to >>>>> posix. >>>>> # For Exim, it defaults to "posix". >>>>> # No other type is implemented. >>>>> Lock Type = >>>>> >>>>> Does MailScanner *know* I'm running 8.13 or should I force posix >>>>> locking? >>>>> >>>>> Will. >>>>> -- >>>>> MailScanner mailing list >>>>> mailscanner@lists.mailscanner.info >>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>> >>>>> Before posting, read http://wiki.mailscanner.info/posting >>>>> >>>>> Support MailScanner development - buy the book off the website! >>>>> >>>> >>>> >>>> ----- End message from wmcdonald@gmail.com ----- >>>> >>>> >>> >>> >>> -- >>> Anthony Peacock >>> CHIME, Royal Free & University College Medical School >>> WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ >>> "The most exciting phrase to hear in science, the one that heralds >>> new discoveries, is not 'Eureka!' but 'That's funny....'" -- Isaac >>> Asimov >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > > > ----- End message from jaearick@colby.edu ----- > > -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "The most exciting phrase to hear in science, the one that heralds new discoveries, is not 'Eureka!' but 'That's funny....'" -- Isaac Asimov From joost at waversveld.nl Thu Feb 2 13:39:33 2006 From: joost at waversveld.nl (Joost Waversveld) Date: Thu Feb 2 13:38:10 2006 Subject: sendmail greet_pause feature In-Reply-To: <43E209D4.8050902@chime.ucl.ac.uk> References: <5EBABD62DC5AC048AD8AEC3312E02D4CCD2F5F@exchange03.lkl.ltkalmar.se> <023301c62719$f6c921c0$0600a8c0@roger> <20060201161203.M49950@smi.com.pe> <1f8fae340602020153i1a1b061h@mail.gmail.com> <20060202110216.wtklxpib4scwssco@webmail.waversveld.nl> <43E1DFD2.20708@chime.ucl.ac.uk> <20060202141929.by6t7fas74wo0woc@webmail.waversveld.nl> <43E209D4.8050902@chime.ucl.ac.uk> Message-ID: <20060202143933.05h6byks2sggokwo@webmail.waversveld.nl> Anthony, I get your point and you're absolutely right. I'm sorry for that. I won't do it again :-D Greetz, Joost ----- Message from a.peacock@chime.ucl.ac.uk --------- Date: Thu, 02 Feb 2006 13:32:04 +0000 From: Anthony Peacock Reply-To: MailScanner discussion Subject: Re: sendmail greet_pause feature To: MailScanner discussion > Hi Joost, > > My comments were more directed to the list in general. > > Julian was very clear in his email earlier that on _Linux_ the lock > type needs to change to Posix for Sendmail 8.13 and above. > > I just get twitchy when statements are made that don't recognise that > the OS is an important component in this setting. First, it makes me > doubt my configuration. Secondly, it might give the wrong impression > to admins of OSs other than Linux. > > Changing the default would have implications for me. If I didn't > spot that it had changed I may start to see problems after an > upgrade, with a system that runs fine at the moment. > > Joost Waversveld wrote: >> I really do not know if this is for all the OS's. I do know that it >> is true for Redhat, CentOS, etc. >> >> ----- Message from jaearick@colby.edu --------- >> Date: Thu, 2 Feb 2006 08:05:58 -0500 (EST) >> From: "Jeff A. Earickson" >> Reply-To: MailScanner discussion >> Subject: Re: sendmail greet_pause feature >> To: MailScanner discussion >> >> >>> Same here. running Solaris 9 with sendmail 8.13.5. I've never >>> touched the Lock Type setting. >>> >>> Jeff Earickson >>> Colby College >>> >>> On Thu, 2 Feb 2006, Anthony Peacock wrote: >>> >>>> Date: Thu, 02 Feb 2006 10:32:50 +0000 >>>> From: Anthony Peacock >>>> Reply-To: MailScanner discussion >>>> To: MailScanner discussion >>>> Subject: Re: sendmail greet_pause feature >>>> >>>> Hi, >>>> >>>> Joost Waversveld wrote: >>>>> You must force posix locking... The standard will be flock >>>>> locking. I thought Julian is thinking about changing the standard >>>>> to posix, but at the moment the standard is still "flock" >>>>> >>>>> So it must be "Lock Type = posix" for you... ;) >>>> >>>> Is this true for all OSs? >>>> >>>> I am using Sendmail 8.13 and the default locking on Solaris and I >>>> am not having any problems at all. I always thought the advice >>>> was only change this if you are having problems. I also recall >>>> that the requirement for posix locking is dependent on the OS. >>>> >>>> Grateful for any correction. >>>> >>>> >>>>> >>>>> Joost Waversveld >>>>> >>>>> ----- Message from wmcdonald@gmail.com --------- >>>>> Date: Thu, 2 Feb 2006 09:53:08 +0000 >>>>> From: Will McDonald >>>>> Reply-To: MailScanner discussion >>>>> Subject: Re: sendmail greet_pause feature >>>>> To: MailScanner discussion >>>>> >>>>> >>>>>> On 01/02/06, Julian Field wrote: >>>>>> >>>>>>> On Linux, sendmail 8.13 and upwards needs posix, anything before 8.13 >>>>>>> needs flock. >>>>>> >>>>>> Is locking autodetecting, if you see what I mean? In the >>>>>> MailScanner.conf it says... >>>>>> >>>>>> # How to lock spool files. >>>>>> # Don't set this unless you *know* you need to. >>>>>> # For sendmail, it defaults to "flock". >>>>>> # For sendmail 8.13 onwards, you will probably need to change it >>>>>> to posix. >>>>>> # For Exim, it defaults to "posix". >>>>>> # No other type is implemented. >>>>>> Lock Type = >>>>>> >>>>>> Does MailScanner *know* I'm running 8.13 or should I force posix >>>>>> locking? >>>>>> >>>>>> Will. >>>>>> -- >>>>>> MailScanner mailing list >>>>>> mailscanner@lists.mailscanner.info >>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>>> >>>>>> Before posting, read http://wiki.mailscanner.info/posting >>>>>> >>>>>> Support MailScanner development - buy the book off the website! >>>>>> >>>>> >>>>> >>>>> ----- End message from wmcdonald@gmail.com ----- >>>>> >>>>> >>>> >>>> >>>> -- >>>> Anthony Peacock >>>> CHIME, Royal Free & University College Medical School >>>> WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ >>>> "The most exciting phrase to hear in science, the one that heralds >>>> new discoveries, is not 'Eureka!' but 'That's funny....'" -- Isaac >>>> Asimov >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >> >> >> ----- End message from jaearick@colby.edu ----- >> >> > > > -- > Anthony Peacock > CHIME, Royal Free & University College Medical School > WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ > "The most exciting phrase to hear in science, the one that heralds > new discoveries, is not 'Eureka!' but 'That's funny....'" -- Isaac > Asimov > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > ----- End message from a.peacock@chime.ucl.ac.uk ----- From wmcdonald at gmail.com Thu Feb 2 13:49:42 2006 From: wmcdonald at gmail.com (Will McDonald) Date: Thu Feb 2 13:49:45 2006 Subject: sendmail greet_pause feature In-Reply-To: <20060202110216.wtklxpib4scwssco@webmail.waversveld.nl> References: <5EBABD62DC5AC048AD8AEC3312E02D4CCD2F5F@exchange03.lkl.ltkalmar.se> <023301c62719$f6c921c0$0600a8c0@roger> <20060201161203.M49950@smi.com.pe> <1f8fae340602020153i1a1b061h@mail.gmail.com> <20060202110216.wtklxpib4scwssco@webmail.waversveld.nl> Message-ID: <1f8fae340602020549t71f7933ap@mail.gmail.com> On 02/02/06, Joost Waversveld wrote: > You must force posix locking... The standard will be flock locking. I > thought Julian is thinking about changing the standard to posix, but at > the moment the standard is still "flock" > > So it must be "Lock Type = posix" for you... ;) Cool. Thanks for the confirmation Joost. Will From dcurtisathome at hotmail.com Thu Feb 2 13:56:24 2006 From: dcurtisathome at hotmail.com (David Curtis) Date: Thu Feb 2 13:56:28 2006 Subject: Problems starting after upgrading to 4.50.14 References: <223f97700602011525t27264a64o@mail.gmail.com> <223f97700602020144r5f726c69u@mail.gmail.com> Message-ID: Glenn, I missed this post. Probably would have saved me a lot of hassle. I have already downgraded, and I have looked for the SpamAssassin.cache.db and could not find it any where. Thanks, Dave ----- Original Message ----- From: "Glenn Steen" To: "MailScanner discussion" Sent: Thursday, February 02, 2006 4:44 AM Subject: Re: Problems starting after upgrading to 4.50.14 On 02/02/06, David Curtis wrote: > > > [root@sbschools dns]# ls -la /var/spool/MailScanner/incoming/ > total 8 > drwxrwxrwx 2 postfix postfix 4096 Feb 1 16:07 . > drwxr-xr-x 4 root root 4096 Oct 10 15:12 .. > > Thanks, > Dave > In a parallell thread, Julian mentioned something worth checking... The allowing perms on the target directory might be "masked" by directories higher up... So do the following: su - postfix --shell=/bin/bash touch /var/spool/MailScanner/incoming/test If this fails, then there we might have your problem... You'll have to check all the "intervening" directories from / on down to incoming, in that case. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Feb 2 14:09:45 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Feb 2 14:10:04 2006 Subject: Problems starting after upgrading to 4.50.14 In-Reply-To: References: <223f97700602011525t27264a64o@mail.gmail.com> <223f97700602020144r5f726c69u@mail.gmail.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- I have fixed this in 4.50.15. On 2 Feb 2006, at 13:56, David Curtis wrote: > Glenn, > > I missed this post. Probably would have saved me a lot of hassle. I > have already downgraded, and I have looked for the > SpamAssassin.cache.db and could not find it any where. > > Thanks, > Dave > > > > ----- Original Message ----- From: "Glenn Steen" > > To: "MailScanner discussion" > Sent: Thursday, February 02, 2006 4:44 AM > Subject: Re: Problems starting after upgrading to 4.50.14 > > > On 02/02/06, David Curtis wrote: >> >> >> [root@sbschools dns]# ls -la /var/spool/MailScanner/incoming/ >> total 8 >> drwxrwxrwx 2 postfix postfix 4096 Feb 1 16:07 . >> drwxr-xr-x 4 root root 4096 Oct 10 15:12 .. >> >> Thanks, >> Dave >> > In a parallell thread, Julian mentioned something worth checking... > The allowing perms on the target directory might be "masked" by > directories higher up... So do the following: > su - postfix --shell=/bin/bash > touch /var/spool/MailScanner/incoming/test > If this fails, then there we might have your problem... You'll have to > check all the "intervening" directories from / on down to incoming, in > that case. > > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.4 (Build 4042) iQEVAwUBQ+ISsfw32o+k+q+hAQGqcwf+PLjP9fx5mWwekaANetFFTNYAdfDnZKk6 vOG1DzYOhQad70f5VQdHYR0X5ieaHcdTV/8HZY5NjDBrRDZI2nyKPde3Cu7iNhEw 6PWG/sVpchJF7GjUHFmrC/x5cbMNiLUGFsiG3uU7JrGF+uzbQmA4dr2m3zrRMyIp HRIFOo+r5g2F2oPcRDiLvkCdRpikGfNtvaQS+40HP3Z8x8iP6cul3UcnT+QYd2tI SRpmw51QgBpRyMm+ioZfRiDxsP4yI/QN/0SRQLErhuZoQlyPJhNZajpPsVHyOZDU F72WDZiBIMXFTnDr4xnw0D0E3Woto9yJVzU/h5FR/JKn3rXGY2hovA== =DWpB -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From wmcdonald at gmail.com Thu Feb 2 14:15:01 2006 From: wmcdonald at gmail.com (Will McDonald) Date: Thu Feb 2 14:15:03 2006 Subject: Integration with QMail! In-Reply-To: <38422649D9FDBE42A238BD5604D203201FE849@wellington.sankyouk.local> References: <38422649D9FDBE42A238BD5604D203201FE849@wellington.sankyouk.local> Message-ID: <1f8fae340602020615h78cecb78w@mail.gmail.com> On 01/02/06, Doug Hall wrote: > Can anyone point me in the right direction for integrating MS with > QMail, (if possible) Could you be more specific? We use multiple MailScanner/Sendmail systems as front end relays with Qmail/Vpopmail/@Mail on multiple back end servers. Mail generated via Webmail on (or relayed through for some legacy stuff) each of the Qmail servers is relayed out to the MailScanner servers by default with a setting in /var/qmail/control/smtproutes. :mailscanner.domain.net Where mailscanner.domain.net is a round-robin DNS record pointing with equal priority to the MailScanners. From the Bind zone file... ; round-robin the results for mailscanner.domain.net mailscanner 60 A 192.168.1.10 mailscanner 60 A 192.168.1.11 The IPs of the Qmail servers are included in /etc/mail/access in the Sendmail config to allow RELAYing. Everything from /var/qmail/control/rcpthosts and morercpthosts from Qmail goes into /etc/mail/local-host-names so Sendmail knows to handle mail for those domains. rcpthosts and morercpthosts also go in ldap_domains because we use this in conjunction with mailhost.db to ensure we only accept mail for known valid users then route this on to mail.domain.net internally. mail.domain.net is effectively the Qmail servers load-balanced via LVS but could easily be round-robin DNS too. # "LDAP" domains we want to relay for. # See http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/270.html /etc/mail/mailertable is used for special mail routing that shouldn't be delivered to the Qmail boxes. Any domains you relay out for but don't necessarily handle their incoming MX need to go into relay-domains. I need to get round to thoroughly documenting and diagramming how we did this, if I do I'll sanitize it and put it in the Wiki. If you have any specific questions just ask (preferably on-list for the benefit of the archives) and I'll do what I can. Will. From Carl.Andrews at crackerbarrel.com Thu Feb 2 14:32:35 2006 From: Carl.Andrews at crackerbarrel.com (Andrews Carl 448) Date: Thu Feb 2 14:34:12 2006 Subject: Password Protected PDFs Message-ID: <18BAD67B3136234285A06EB137C5CBD102F9ED2A@exchange03.CBOCS.com> Thanks! -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Julian Field Sent: Thursday, February 02, 2006 3:13 AM To: MailScanner discussion Subject: Re: Password Protected PDFs -----BEGIN PGP SIGNED MESSAGE----- On 2 Feb 2006, at 02:18, Andrews Carl 448 wrote: > I am having a problem allowing password protected PDFs in from an > address to an address using a ruleset. The ruleset works great, if > I put the lines in the virus.scanning.rules file. I tried the Allow > Password-Protected Archives option, but PDFs are not achives and so > mailscanner, correctly, ignores that rule. The log file shows > "MailScanner [####]: Viruses marked as silent: Password protected > file .", so this is a virus setting but I can not find it. Could > someone tell me what option I need to point to my ruleset or do I > have to use the virus.scanning.rules? Take a look at the "Allowed Sophos Error Messages" setting. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.4 (Build 4042) iQEVAwUBQ+HNIPw32o+k+q+hAQFB9wgAsvcJ8EQv2Off/jIHK+2rvY/+PZl1VIfU aVgHWh0YE94jr5Fua+AZRer599JdOCI1Zh/Qr4T/L50LhqzVvpQVKzyc+lKMB7Dz Yl29XW2l2L69SJ5oBQlYw1jcnxlhK5adPaPJiGorRbGtna8RjZlx8LvvvHSkHTh3 V8A8qQ/10L2OPglyvLuQZfxxR72jxHM2e4TIYtZvXHTuJdiZaYIHTWMNrUr5TWCq VaNDmmkPlLpIJ0bM77KG7iW3RMmBdFKBW4qaB+JElQjD4KC0sgst1ge3UxWA7JE+ LXQvg+mflx2v0Kd6hfVs9Z4GjHcdWDNH2Q2qEt/12zIvHufdLPd3nw== =RL57 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From campbell at cnpapers.com Thu Feb 2 14:44:24 2006 From: campbell at cnpapers.com (Steve Campbell) Date: Thu Feb 2 14:45:02 2006 Subject: Beta to latest stable suggestions References: <002301c62777$bc980a30$0705000a@DDF5DW71> <43E130C9.6000906@ecs.soton.ac.uk> Message-ID: <003701c62807$29664c50$0705000a@DDF5DW71> Mr. Field, If you have time, and can elaborate on what the MW changes from 4.50-12 Beta to 4.50-15 might be, I would appreciate it. I was having some problems with MW after upgrading, mostly with the quarantine views, but was not able to track the problem down. I will upgrade this afternoon, and there is no urgency to this at all. I have a work-around. The upgrade will tell me if it fixes the problem. The Changelog lumps all of the changes for 4.50 into one section, so I can't really tell the differences. Thanks for any reply and no big deal if you deem this a waste of time. Thanks for the superb efforts you always seem to provide! Steve Campbell campbell@cnpapers.com Charleston Newspapers ----- Original Message ----- From: "Julian Field" To: "MailScanner discussion" Sent: Wednesday, February 01, 2006 5:06 PM Subject: Re: Beta to latest stable suggestions > > > Steve Campbell wrote: >> I had installed the 4.50-12 Beta last week to get the latest >> configuration file changes. Is there any reason to upgrade to the latest >> stable? > If you want to use MailWatch, then yes. There are a few other things too. > It will be a painless upgrade. >> Should I have changed the "Minimum Supported Status" in the conf file to >> 'Beta' for the Beta release, and what are the results of not doing so if >> I should have changed this? > No, leave that set to Beta or Supported. > I'm going to remove that option altogether in the next release, it's > worthless now. > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From chardlist at chard.net Thu Feb 2 14:37:45 2006 From: chardlist at chard.net (chardlist) Date: Thu Feb 2 14:54:11 2006 Subject: Bayes not working after upgrade to 4.50.14 Message-ID: <014801c62806$3ccc13c0$a000a8c0@sangria> I successfully upgrade to 4.50.14 tonight, I love the new features especially the hires time reports. I've noticed that after the upgrade MailScanner (or spamassassin) is no longer paying attention to my spam.assassin.prefs.conf file. The bayes database is not being used in the path I've specified, and other options I've configured in there, such as bumping the bayes score, I'm on a cPanel server so I upgraded using a scripted provided by www.waytotheweb.com which has been successful for me in the past and was adapted for MS 4.50.14 That's about the only unique thing I can think of that might make my upgrade a little different. My before upgrading my MailScanner.conf file had this value in it: SpamAssassin Prefs File = %etc-dir%/spam.assassin.prefs.conf The after the upgrade that directive is not present. MS 4.50.14 RH 9 Exim 4.52 Thanks for any help! -Brendan From bpumphrey at WoodMacLaw.com Thu Feb 2 14:54:31 2006 From: bpumphrey at WoodMacLaw.com (Billy A. Pumphrey) Date: Thu Feb 2 14:54:35 2006 Subject: OT: Win32/Mywife.E@mm Message-ID: <04D932B0071FE34FA63EBB1977B48D15BE3676@woodenex.woodmaclaw.local> I got a email from one of my users, always getting "FW:" from them just like everyone else. This one seemed like one of the better ones where the information might be actually useful. Quote: Please review the following links for information about an extremely serious new computer virus due to activate February 3, 2006. http://www.technologyreview.com/TR/wtr_16222,323,p1.html http://www.azcentral.com/news/articles/0127blackworm27-ON.html http://www.microsoft.com/technet/security/advisory/904420.mspx Unquote Naturally as long as everything is up to date things should be ok. People don't really know that a virus is going to happen before it does do they? From MailScanner at ecs.soton.ac.uk Thu Feb 2 14:56:15 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Feb 2 14:56:29 2006 Subject: Beta to latest stable suggestions In-Reply-To: <003701c62807$29664c50$0705000a@DDF5DW71> References: <002301c62777$bc980a30$0705000a@DDF5DW71> <43E130C9.6000906@ecs.soton.ac.uk> <003701c62807$29664c50$0705000a@DDF5DW71> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- I don't write MailWatch, I know nothing about MW changes. If you want to see the difference in MailScanner versions 4.50.12 and 4.50.15 then extract the ChangeLogs from them both and compare the files. The only MailWatch-related change to MailScanner is the addition of one extra configuration option "Always Looked Up Last After Batch" which Steve isn't using yet, but will do in the future. On 2 Feb 2006, at 14:44, Steve Campbell wrote: > Mr. Field, > > If you have time, and can elaborate on what the MW changes from > 4.50-12 Beta to 4.50-15 might be, I would appreciate it. I was > having some problems with MW after upgrading, mostly with the > quarantine views, but was not able to track the problem down. > > I will upgrade this afternoon, and there is no urgency to this at > all. I have a work-around. The upgrade will tell me if it fixes the > problem. The Changelog lumps all of the changes for 4.50 into one > section, so I can't really tell the differences. > > Thanks for any reply and no big deal if you deem this a waste of time. > Thanks for the superb efforts you always seem to provide! > > Steve Campbell > campbell@cnpapers.com > Charleston Newspapers > > ----- Original Message ----- From: "Julian Field" > > To: "MailScanner discussion" > Sent: Wednesday, February 01, 2006 5:06 PM > Subject: Re: Beta to latest stable suggestions > > >> >> >> Steve Campbell wrote: >>> I had installed the 4.50-12 Beta last week to get the latest >>> configuration file changes. Is there any reason to upgrade to the >>> latest stable? >> If you want to use MailWatch, then yes. There are a few other >> things too. It will be a painless upgrade. >>> Should I have changed the "Minimum Supported Status" in the conf >>> file to 'Beta' for the Beta release, and what are the results of >>> not doing so if I should have changed this? >> No, leave that set to Beta or Supported. >> I'm going to remove that option altogether in the next release, >> it's worthless now. >> >> -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> Professional Support Services at www.MailScanner.biz >> MailScanner thanks transtec Computers for their support >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.4 (Build 4042) iQEVAwUBQ+Idkvw32o+k+q+hAQHyWQf/c/+W02pWhGiJQV+psiNXYOicLfeeR2xW DD0iqwI6YCPsXWLOCQDssyXGvTQ/xaoBCS55mvoluYlU3sOk0mMJcUX0uikesSd6 y1etVkaORm50HlNP0zICNezJArdK2PLOkvO/CYgNT5OBJQKfhSprij0crYFoXyT2 evw2wTgoqohTBTxwrL5RslBnU4JfkJ3M51wbf2dPtgy3XTCzIbN2a4y8QUyK5YYd 7NqRZPJVbuHMSpR38+yNRG36ZALWogdvUF5CDjsph/En2MyB4E5pOQpJmS1ePgAm lKdhIGehMqQk157eIAaLdSRLz7gZBKCJxPs3FfERXVOwzaGau3IHLQ== =AJ+F -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From gregg at gbcomputers.com Thu Feb 2 14:56:31 2006 From: gregg at gbcomputers.com (Gregg Berkholtz) Date: Thu Feb 2 14:56:35 2006 Subject: Cannot install DBI with MS 4.50.14 In-Reply-To: <6CA19CF5-E8DB-4855-BBC3-3DD2B3D8A136@ecs.soton.ac.uk> References: <20060201182512.GA30959@gbcomputers.com> <43E124E4.6070907@ecs.soton.ac.uk> <20060201220412.GA10311@gbcomputers.com> <6CA19CF5-E8DB-4855-BBC3-3DD2B3D8A136@ecs.soton.ac.uk> Message-ID: <20060202145631.GA7297@gbcomputers.com> perl -v shows: This is perl, v5.6.1 built for i386-linux Though I'm not seeing any errors about =head3, am I just out of luck? Gregg On Thu, Feb 02, 2006 at 09:02:35AM +0000, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > What version of perl are you running? > > On 1 Feb 2006, at 22:04, Gregg Berkholtz wrote: > > > > > ********************************************************************** > > **** > > Perl versions below 5.6.1 are no longer supported by the DBI. > > Perl versions 5.6.x may fail during installation with a complaint > > about the use of =head3 in the pod documentation. > > Press return to continue... > > ********************************************************************** > > **** > > > > On Wed, Feb 01, 2006 at 09:15:16PM +0000, Julian Field wrote: > >> Do > >> > >> perl -MCPAN -e shell > >> install Storable > >> quit > >> > >> Make sure it doesn't start upgrading your entire Perl installation, > >> thump Ctrl-C like crazy if it does! > >> > >> Then try running the install.sh again. > >> > >> Gregg Berkholtz wrote: > >>> It appears I cant install DBI as I'm getting the following error > >>> after > >>> running > >>> MailScanner's install.sh on a Debian 3.0 system. Any assistance > >>> is greatly > >>> appreciated: > >>> From MailScanner at ecs.soton.ac.uk Thu Feb 2 14:59:37 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Feb 2 14:59:47 2006 Subject: New speed benchmark Message-ID: <443FEE3F-9EA1-46F7-88C8-A79D4FC67F24@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- I have just done a speed test. Hardware: dual Opteron, 4Gb RAM, SCSI disk. Software: RHEL4, MailScanner 4.50, SpamAssassin, DCC, Razor, clamavmodule MailScanner setup: default Speed: 770,000 messages per day - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.4 (Build 4042) iQEVAwUBQ+IeXPw32o+k+q+hAQGlHAgAuD7THLPyItCsQuVwRDvgusrGwYhglW35 Uw6jVEb/23B/Uax/0BL/w4EndQDylMuKUokckkqtiG4526I5tHnkwtRnYCJRhJgk 50XFzh4+Y1Z0wb0i76gH6tz/L50XFir+yKYT5+ZJJHjnaOhag/a/xqiwmVok0MRw YAC8mHPGFvo8QiwTJiSZ8BToGXq5T4FUdxB4Cjz4GXurL+u7+m+ygF3YspI39lUn soxqT93KZwV50I8novXNg0oNHCe+Y43JYJMgDvqdfXABxeYZ82+G26+Zys1n1h9T 72I3wn4NNHYm9F5UMWdaiDcxZFQIODqeK401ITyCN9hEd2CguOGDOg== =16RG -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu Feb 2 15:01:11 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Feb 2 15:01:22 2006 Subject: Bayes not working after upgrade to 4.50.14 In-Reply-To: <014801c62806$3ccc13c0$a000a8c0@sangria> References: <014801c62806$3ccc13c0$a000a8c0@sangria> Message-ID: <5B20957E-75B6-410A-A499-6F4738C1DA9B@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- On 2 Feb 2006, at 14:37, chardlist wrote: > I successfully upgrade to 4.50.14 tonight, I love the new features > especially the hires time reports. > > I've noticed that after the upgrade MailScanner (or spamassassin) > is no > longer paying attention to my spam.assassin.prefs.conf file. The > bayes > database is not being used in the path I've specified, and other > options > I've configured in there, such as bumping the bayes score, > > I'm on a cPanel server so I upgraded using a scripted provided by > www.waytotheweb.com which has been successful for me in the past > and was > adapted for MS 4.50.14 That's about the only unique thing I can > think of > that might make my upgrade a little different. > > My before upgrading my MailScanner.conf file had this value in it: > > SpamAssassin Prefs File = %etc-dir%/spam.assassin.prefs.conf > > The after the upgrade that directive is not present. Correct. Did you run the install.sh script? If so, you should have a link in /etc/mail/spamassassin/ mailscanner.cf which points to your spam.assassin.prefs.conf. Once that link is in place, then all will work as you expect. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.4 (Build 4042) iQEVAwUBQ+Ieufw32o+k+q+hAQF+owf9Fzvp7mz3Z5DHNNAh+ueqUFmgiyfa2WOE qnKsbg2U4CJO05akj8RvSluGQYdy5l++dOSiFo6MKU+LM+o6TtLLso/HDrvQKN+c EpH7HjNXlQO4iCQIeENMxsLXf9ke1S2Tg1RQqdtvHXDoxVpvYU+Nlt7HrqRPRn4N Xpi8HIJnZd6fBQklZTEtLL72BPHaicxSdic24mEKcVH7iCkU6DBZbyBozYEM3OOq hqxr/rJPpeZJSZ6HSbAYMLGxt228ooNkfIoUU6yF3cTtu9C4eZ3K3VfhkBwidYjk MrjzhpPzquF3RFihCMPKojBHmTjDNE7guN9FFkfgV+gyEX3eshm/jg== =yuzL -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu Feb 2 15:15:14 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Feb 2 15:15:28 2006 Subject: Cannot install DBI with MS 4.50.14 In-Reply-To: <20060202145631.GA7297@gbcomputers.com> References: <20060201182512.GA30959@gbcomputers.com> <43E124E4.6070907@ecs.soton.ac.uk> <20060201220412.GA10311@gbcomputers.com> <6CA19CF5-E8DB-4855-BBC3-3DD2B3D8A136@ecs.soton.ac.uk> <20060202145631.GA7297@gbcomputers.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Does your /etc/sysconfig/i18n file mention UTF-8? If so, remove all the ".UTF-8" strings from the file, the logout and log back in again. Then try re-installing that module again. On 2 Feb 2006, at 14:56, Gregg Berkholtz wrote: > perl -v shows: > This is perl, v5.6.1 built for i386-linux > > Though I'm not seeing any errors about =head3, am I just out of luck? > > Gregg > > On Thu, Feb 02, 2006 at 09:02:35AM +0000, Julian Field wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> >> What version of perl are you running? >> >> On 1 Feb 2006, at 22:04, Gregg Berkholtz wrote: >> >>> >>> ******************************************************************** >>> ** >>> **** >>> Perl versions below 5.6.1 are no longer supported by the DBI. >>> Perl versions 5.6.x may fail during installation with a complaint >>> about the use of =head3 in the pod documentation. >>> Press return to continue... >>> ******************************************************************** >>> ** >>> **** >>> >>> On Wed, Feb 01, 2006 at 09:15:16PM +0000, Julian Field wrote: >>>> Do >>>> >>>> perl -MCPAN -e shell >>>> install Storable >>>> quit >>>> >>>> Make sure it doesn't start upgrading your entire Perl installation, >>>> thump Ctrl-C like crazy if it does! >>>> >>>> Then try running the install.sh again. >>>> >>>> Gregg Berkholtz wrote: >>>>> It appears I cant install DBI as I'm getting the following error >>>>> after >>>>> running >>>>> MailScanner's install.sh on a Debian 3.0 system. Any assistance >>>>> is greatly >>>>> appreciated: >>>>> > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.4 (Build 4042) iQEVAwUBQ+IiBPw32o+k+q+hAQFWSgf/f7lrDPoUkMVsgShQvOaXPDnvbwQSU7D+ BbMKTpU4uC6mHcZnBu0HV74filiZbzOqmn0ezU8nHZWVxkOkgsfV0mwRK5f7vwoy eqvACiufMoEnPuJqEr7jHM+aRIdvnqAY9Kf63GfnAyqCGUTC2jSAIjXUTwA9Ssnd FtPRohv1zSsJCgJchHzqnUmwSTBdHs8iDm7Mt9SPOziDNWnL2ArM2OAtGJT30JEy ULbF/+WoCZQ9vfa5SH9zrA09d90OQHU93+UqHdRNNzvpMK9gSKGA9Q77MpbiuRC0 D5BT27kHYKtQRGqEGd49nAJHeimA1ceD5JJJDaxE8olD0iXxgYVsbQ== =y9Rf -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Thu Feb 2 15:23:26 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Feb 2 15:23:29 2006 Subject: Bayes not working after upgrade to 4.50.14 In-Reply-To: <014801c62806$3ccc13c0$a000a8c0@sangria> References: <014801c62806$3ccc13c0$a000a8c0@sangria> Message-ID: <223f97700602020723j795557c4k@mail.gmail.com> On 02/02/06, chardlist wrote: > I successfully upgrade to 4.50.14 tonight, I love the new features > especially the hires time reports. > > I've noticed that after the upgrade MailScanner (or spamassassin) is no > longer paying attention to my spam.assassin.prefs.conf file. The bayes > database is not being used in the path I've specified, and other options > I've configured in there, such as bumping the bayes score, > > I'm on a cPanel server so I upgraded using a scripted provided by > www.waytotheweb.com which has been successful for me in the past and was > adapted for MS 4.50.14 That's about the only unique thing I can think of > that might make my upgrade a little different. > > My before upgrading my MailScanner.conf file had this value in it: > > SpamAssassin Prefs File = %etc-dir%/spam.assassin.prefs.conf > > The after the upgrade that directive is not present. > > MS 4.50.14 > RH 9 > Exim 4.52 > > Thanks for any help! > > -Brendan > Do you have a symbolic link mailscanner.cf in your site rules directory pointing to spam.assassin.prefs.conf? If not, you need create one. Do spamassassin --lint -D 2>&1 | less and look for the site rules dir, to find out where it is on your system, then ls /path/to/site/rule/dir/mailscanner.cf If that fails, you need do ln -s /path/to/spam.assassin.prefs.conf /path/to/site/rule/dir/mailscanner.cf HTH -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From gmatt at nerc.ac.uk Thu Feb 2 15:28:58 2006 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Thu Feb 2 15:29:16 2006 Subject: Attachment Warnings - End of Line Behavior Changed (CR, LF) In-Reply-To: <1138845529.4025.80.camel@canyon.wittsend.com> References: <6a4915590601301601s5399fd75jabf461d86eaf5d71@mail.gmail.com> <6a4915590602010730t3055651elef164558540cee58@mail.gmail.com> <43E0D70F.9080804@USherbrooke.ca> <1138845529.4025.80.camel@canyon.wittsend.com> Message-ID: <1138894138.25670.25.camel@lea.nerc-wallingford.ac.uk> On Wed, 2006-02-01 at 20:58 -0500, Michael H. Warfield wrote: > Turns out it's far worse than we imagined. ...... Work in progress... > > ITMT... Turn off "Sign Clean Messages". > yeegads! theres no way I can turn this option off now that it is implemented. I was hoping to upgrade MS from 4.45.4 to 4.50.x pretty soon, looks like this will have to be on hold for a while. Will the fix be announced here or will I have to monitor a perl mailing list somewhere? G > Mike -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford -- This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. From MailScanner at ecs.soton.ac.uk Thu Feb 2 15:33:39 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Feb 2 15:33:51 2006 Subject: New speed benchmark In-Reply-To: <443FEE3F-9EA1-46F7-88C8-A79D4FC67F24@ecs.soton.ac.uk> References: <443FEE3F-9EA1-46F7-88C8-A79D4FC67F24@ecs.soton.ac.uk> Message-ID: <1A926F82-A002-4985-854C-8FD97EA99898@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- I forgot to add the MTA is sendmail On 2 Feb 2006, at 14:59, Julian Field wrote: > * PGP Signed: 02/02/06 at 14:59:40 > > I have just done a speed test. > Hardware: dual Opteron, 4Gb RAM, SCSI disk. > Software: RHEL4, MailScanner 4.50, SpamAssassin, DCC, Razor, > clamavmodule > MailScanner setup: default > > Speed: 770,000 messages per day - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.4 (Build 4042) iQEVAwUBQ+ImVvw32o+k+q+hAQFbhQgAn01bcx/s1UklL5G3PRV10P/UayD6dPfs r4djIV7U8eh166021xJzqQu4CKb85+4n/+PRP2iVvWuxph0Uf9+Uv5wqXzfhSUlG nHjE/SdK93D0B0Prpm7oQm4xaFvU/mncwY5IJg000oO5lVUVqdINNbuqmw6eb8TS +RSlnv3aNcmZ+HAeLDjcwnSyj3wrKZqukJcl+xRI0ZPAz6HOE/Zwh6cM1ZJgoUsK PZ/2xlBgGVdXRK4yexkq75Mk9IqLojGgFUAszmRs9/1pIBu3XqLMFw0RNvXVwj/8 oveWg7FlPAEr3WZgCF13Fhv1DuD/tcRvCuiYXGcZVKOo9DTOjbtUdw== =aZWi -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From chardlist at chard.net Thu Feb 2 15:40:10 2006 From: chardlist at chard.net (chardlist) Date: Thu Feb 2 15:40:25 2006 Subject: Bayes not working after upgrade to 4.50.14 In-Reply-To: <5B20957E-75B6-410A-A499-6F4738C1DA9B@ecs.soton.ac.uk> Message-ID: <015001c6280e$f52fc6c0$a000a8c0@sangria> The script I used to upgrade, (provided by waytotheweb.com) didn't make the link. I have now added it and that did the trick. I'll drop a note to those other folks about the issue. Thanks as always, -Brendan -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Thursday, February 02, 2006 9:01 AM To: MailScanner discussion Subject: Re: Bayes not working after upgrade to 4.50.14 -----BEGIN PGP SIGNED MESSAGE----- On 2 Feb 2006, at 14:37, chardlist wrote: > I successfully upgrade to 4.50.14 tonight, I love the new features > especially the hires time reports. > > I've noticed that after the upgrade MailScanner (or spamassassin) > is no > longer paying attention to my spam.assassin.prefs.conf file. The > bayes > database is not being used in the path I've specified, and other > options > I've configured in there, such as bumping the bayes score, > > I'm on a cPanel server so I upgraded using a scripted provided by > www.waytotheweb.com which has been successful for me in the past > and was > adapted for MS 4.50.14 That's about the only unique thing I can > think of > that might make my upgrade a little different. > > My before upgrading my MailScanner.conf file had this value in it: > > SpamAssassin Prefs File = %etc-dir%/spam.assassin.prefs.conf > > The after the upgrade that directive is not present. Correct. Did you run the install.sh script? If so, you should have a link in /etc/mail/spamassassin/ mailscanner.cf which points to your spam.assassin.prefs.conf. Once that link is in place, then all will work as you expect. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.4 (Build 4042) iQEVAwUBQ+Ieufw32o+k+q+hAQF+owf9Fzvp7mz3Z5DHNNAh+ueqUFmgiyfa2WOE qnKsbg2U4CJO05akj8RvSluGQYdy5l++dOSiFo6MKU+LM+o6TtLLso/HDrvQKN+c EpH7HjNXlQO4iCQIeENMxsLXf9ke1S2Tg1RQqdtvHXDoxVpvYU+Nlt7HrqRPRn4N Xpi8HIJnZd6fBQklZTEtLL72BPHaicxSdic24mEKcVH7iCkU6DBZbyBozYEM3OOq hqxr/rJPpeZJSZ6HSbAYMLGxt228ooNkfIoUU6yF3cTtu9C4eZ3K3VfhkBwidYjk MrjzhpPzquF3RFihCMPKojBHmTjDNE7guN9FFkfgV+gyEX3eshm/jg== =yuzL -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Feb 2 15:50:37 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Feb 2 15:50:46 2006 Subject: Bayes not working after upgrade to 4.50.14 In-Reply-To: <015001c6280e$f52fc6c0$a000a8c0@sangria> References: <015001c6280e$f52fc6c0$a000a8c0@sangria> Message-ID: <6F3D5FCA-F2C8-4D2D-A584-9F036B20E0B2@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- On 2 Feb 2006, at 15:40, chardlist wrote: > The script I used to upgrade, (provided by waytotheweb.com) didn't > make the > link. I have now added it and that did the trick. Why not just use my script? At least it works. > > I'll drop a note to those other folks about the issue. > > Thanks as always, > > -Brendan > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of > Julian > Field > Sent: Thursday, February 02, 2006 9:01 AM > To: MailScanner discussion > Subject: Re: Bayes not working after upgrade to 4.50.14 > > * PGP Signed by an unmatched address: 02/02/06 at 15:01:13 > > On 2 Feb 2006, at 14:37, chardlist wrote: > >> I successfully upgrade to 4.50.14 tonight, I love the new features >> especially the hires time reports. >> >> I've noticed that after the upgrade MailScanner (or spamassassin) >> is no >> longer paying attention to my spam.assassin.prefs.conf file. The >> bayes >> database is not being used in the path I've specified, and other >> options >> I've configured in there, such as bumping the bayes score, >> >> I'm on a cPanel server so I upgraded using a scripted provided by >> www.waytotheweb.com which has been successful for me in the past >> and was >> adapted for MS 4.50.14 That's about the only unique thing I can >> think of >> that might make my upgrade a little different. >> >> My before upgrading my MailScanner.conf file had this value in it: >> >> SpamAssassin Prefs File = %etc-dir%/spam.assassin.prefs.conf >> >> The after the upgrade that directive is not present. > > Correct. > Did you run the install.sh script? > > If so, you should have a link in /etc/mail/spamassassin/ > mailscanner.cf which points to your spam.assassin.prefs.conf. > > Once that link is in place, then all will work as you expect. > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > * Julian Field > * 0xA4FAAFA1 (L) > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.4 (Build 4042) iQEVAwUBQ+IqUPw32o+k+q+hAQFtAQf+P9RZ2uK6Rq9R/f8JFqRBdySjXXC2oGlI HdA9VFsdpUk19zLosI6RGUY7uOf9U5exF7guMVJ98YVmFOV3wncXdb0thv4KEhqs slBS1+K0z1mPN+q8mqe++KRxCZLuv4DMItRnCGJr7qO3XkspuezTcypL/MWJ4hjH Z+Lw7egeF0hDNpGxmqxpMVdeXC078niTXsj5x4auifUFL/gFH1G540ILIZm2PIOi AB3pa54UgplpFabPLNclRNXAND9YjpvIk62ymEuGT5N/s/Sv26WcpRbsl4e2xzGi yAjXbdjWsQF9mG5uy4a5o4eW/WObkaSeeYjOrFAOAjxQzrRupstc3w== =9eW5 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From gborders at jlewiscooper.com Thu Feb 2 15:51:59 2006 From: gborders at jlewiscooper.com (Greg Borders) Date: Thu Feb 2 15:53:39 2006 Subject: OT: Win32/Mywife.E@mm In-Reply-To: <04D932B0071FE34FA63EBB1977B48D15BE3676@woodenex.woodmaclaw.local> References: <04D932B0071FE34FA63EBB1977B48D15BE3676@woodenex.woodmaclaw.local> Message-ID: <43E22A9F.80203@jlewiscooper.com> My MS system already caught this bad boy: 01/31/06 03:20:21 dstumpf@mpowercom.com user@example.com Fw: 179.1Kb 0.98 0.00 Virus (Win32.Nyxem.F@mm ) ClamAV and Bitdefender to the rescue! Billy A. Pumphrey wrote: > I got a email from one of my users, always getting "FW:" from them just > like everyone else. This one seemed like one of the better ones where > the information might be actually useful. > > > Quote: > > Please review the following links for information about an extremely > serious new computer virus due to activate February 3, 2006. > > http://www.technologyreview.com/TR/wtr_16222,323,p1.html > > http://www.azcentral.com/news/articles/0127blackworm27-ON.html > > http://www.microsoft.com/technet/security/advisory/904420.mspx > > Unquote > > Naturally as long as everything is up to date things should be ok. > People don't really know that a virus is going to happen before it does > do they? > Only if the bug has a timer/date trigger in them. They get installed, then lie in wait, and BAM do nasty things later. Once detected early, we effectively reverse engineer the virus code, know that the virus will trigger in the future, thus know it's going to happen before. Once users update their scanning softs they can be assured the bug will be eradicated before they trigger. The media is a funny animal, they latch onto these bugs seemingly at random, spreading doom and gloom, when we techs know that new bugs are a daily occurrence, and are quickly and quietly squished by anti-virus community. Greg Borders Sys. Admin. JLC Co. -- This transmission may contain information that is privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. Thank you. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From dave.list at pixelhammer.com Thu Feb 2 15:55:39 2006 From: dave.list at pixelhammer.com (DAve) Date: Thu Feb 2 15:55:50 2006 Subject: New speed benchmark In-Reply-To: <1A926F82-A002-4985-854C-8FD97EA99898@ecs.soton.ac.uk> References: <443FEE3F-9EA1-46F7-88C8-A79D4FC67F24@ecs.soton.ac.uk> <1A926F82-A002-4985-854C-8FD97EA99898@ecs.soton.ac.uk> Message-ID: <43E22B7B.3000809@pixelhammer.com> Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > I forgot to add the MTA is sendmail > > On 2 Feb 2006, at 14:59, Julian Field wrote: > > >>* PGP Signed: 02/02/06 at 14:59:40 >> >>I have just done a speed test. >>Hardware: dual Opteron, 4Gb RAM, SCSI disk. >>Software: RHEL4, MailScanner 4.50, SpamAssassin, DCC, Razor, >>clamavmodule >>MailScanner setup: default >> >>Speed: 770,000 messages per day > > What happens at 780,000 messages a day? DAve From campbell at cnpapers.com Thu Feb 2 16:00:06 2006 From: campbell at cnpapers.com (Steve Campbell) Date: Thu Feb 2 16:01:21 2006 Subject: Beta to latest stable suggestions References: <002301c62777$bc980a30$0705000a@DDF5DW71><43E130C9.6000906@ecs.soton.ac.uk><003701c62807$29664c50$0705000a@DDF5DW71> Message-ID: <013b01c62811$bc9d5360$0705000a@DDF5DW71> Mr. Field, Thanks for the reply and the pointers about the Changelog. The ChangeLog on the website is the file I was referring to, and the RPM based download does not include the ChangeLog. I was just curious and was using resources immediately available. . I realize you don't write MailWatch, but was just wondering about your reference to the fact that if I wanted to use MW, I should upgrade. Again, thanks and I download the tar based versions and compare. Steve ----- Original Message ----- From: "Julian Field" To: "MailScanner discussion" Sent: Thursday, February 02, 2006 9:56 AM Subject: Re: Beta to latest stable suggestions > -----BEGIN PGP SIGNED MESSAGE----- > > I don't write MailWatch, I know nothing about MW changes. > If you want to see the difference in MailScanner versions 4.50.12 and > 4.50.15 then extract the ChangeLogs from them both and compare the > files. > > The only MailWatch-related change to MailScanner is the addition of > one extra configuration option "Always Looked Up Last After Batch" > which Steve isn't using yet, but will do in the future. > > On 2 Feb 2006, at 14:44, Steve Campbell wrote: > >> Mr. Field, >> >> If you have time, and can elaborate on what the MW changes from >> 4.50-12 Beta to 4.50-15 might be, I would appreciate it. I was >> having some problems with MW after upgrading, mostly with the >> quarantine views, but was not able to track the problem down. >> >> I will upgrade this afternoon, and there is no urgency to this at >> all. I have a work-around. The upgrade will tell me if it fixes the >> problem. The Changelog lumps all of the changes for 4.50 into one >> section, so I can't really tell the differences. >> >> Thanks for any reply and no big deal if you deem this a waste of time. >> Thanks for the superb efforts you always seem to provide! >> >> Steve Campbell >> campbell@cnpapers.com >> Charleston Newspapers >> >> ----- Original Message ----- From: "Julian Field" >> >> To: "MailScanner discussion" >> Sent: Wednesday, February 01, 2006 5:06 PM >> Subject: Re: Beta to latest stable suggestions >> >> >>> >>> >>> Steve Campbell wrote: >>>> I had installed the 4.50-12 Beta last week to get the latest >>>> configuration file changes. Is there any reason to upgrade to the >>>> latest stable? >>> If you want to use MailWatch, then yes. There are a few other >>> things too. It will be a painless upgrade. >>>> Should I have changed the "Minimum Supported Status" in the conf >>>> file to 'Beta' for the Beta release, and what are the results of >>>> not doing so if I should have changed this? >>> No, leave that set to Beta or Supported. >>> I'm going to remove that option altogether in the next release, >>> it's worthless now. >>> >>> -- >>> Julian Field >>> www.MailScanner.info >>> Buy the MailScanner book at www.MailScanner.info/store >>> Professional Support Services at www.MailScanner.biz >>> MailScanner thanks transtec Computers for their support >>> >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> >>> >>> -- >>> This message has been scanned for viruses and >>> dangerous content by MailScanner, and is >>> believed to be clean. >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >> >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.4 (Build 4042) > > iQEVAwUBQ+Idkvw32o+k+q+hAQHyWQf/c/+W02pWhGiJQV+psiNXYOicLfeeR2xW > DD0iqwI6YCPsXWLOCQDssyXGvTQ/xaoBCS55mvoluYlU3sOk0mMJcUX0uikesSd6 > y1etVkaORm50HlNP0zICNezJArdK2PLOkvO/CYgNT5OBJQKfhSprij0crYFoXyT2 > evw2wTgoqohTBTxwrL5RslBnU4JfkJ3M51wbf2dPtgy3XTCzIbN2a4y8QUyK5YYd > 7NqRZPJVbuHMSpR38+yNRG36ZALWogdvUF5CDjsph/En2MyB4E5pOQpJmS1ePgAm > lKdhIGehMqQk157eIAaLdSRLz7gZBKCJxPs3FfERXVOwzaGau3IHLQ== > =AJ+F > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From MailScanner at ecs.soton.ac.uk Thu Feb 2 16:08:20 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Feb 2 16:08:34 2006 Subject: New speed benchmark In-Reply-To: <43E22B7B.3000809@pixelhammer.com> References: <443FEE3F-9EA1-46F7-88C8-A79D4FC67F24@ecs.soton.ac.uk> <1A926F82-A002-4985-854C-8FD97EA99898@ecs.soton.ac.uk> <43E22B7B.3000809@pixelhammer.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On 2 Feb 2006, at 15:55, DAve wrote: > Julian Field wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> I forgot to add the MTA is sendmail >> On 2 Feb 2006, at 14:59, Julian Field wrote: >>>> Old Signed: 02/02/06 at 14:59:40 >>> >>> I have just done a speed test. >>> Hardware: dual Opteron, 4Gb RAM, SCSI disk. >>> Software: RHEL4, MailScanner 4.50, SpamAssassin, DCC, Razor, >>> clamavmodule >>> MailScanner setup: default >>> >>> Speed: 770,000 messages per day > > What happens at 780,000 messages a day? Over the space of 1 day you will end the day with 10,000 messages sat in the incoming queue. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.4 (Build 4042) iQEVAwUBQ+Iud/w32o+k+q+hAQFRAQf/XNyBd/BOLOo1oMdvLR5lkgE0+cDqOSjv HhV7mMb4BW8zAcuu7fsvubwz+kOds7OCiR1krIBrLuFdAByw1FqY5MxJ3ZS+5KVD nsgZbVpulIkQIoYziiXUaJXJHo3Z4a84zFSrv80e8M0cEFndums+VVD01gPdBmyR biRZtNAiZVEczLEI+fjn1GtPnN+sMETdy9ZIX/wfdrVaX3p27HzxQ4Zw0R01zXaD t65TrtX1kNzUjtP7RBs+xOzE0DI3zZBQ3OhLw14FYgNOF840ZUJQy7EfBKKTNVYV Kgt4cj/QQ9uUIeKaT+ng+mlgb7+ACTYOgyuF1sApCkcFn2nwPtjZlA== =RsIm -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From dnsadmin at 1bigthink.com Thu Feb 2 16:08:36 2006 From: dnsadmin at 1bigthink.com (dnsadmin 1bigthink.com) Date: Thu Feb 2 16:08:44 2006 Subject: ALL_TRUSTED problems In-Reply-To: <43E1596B.40101@evi-inc.com> References: <223f97700602011640o2eea2318y@mail.gmail.com> <43E1596B.40101@evi-inc.com> Message-ID: <6.2.3.4.0.20060202105138.0abb6248@mxt.1bigthink.com> At 07:59 PM 2/1/2006, you wrote: >Glenn Steen wrote: > > On 01/02/06, Richard Edge wrote: > >> If I change the line: > >> > >> Score ALL_TRUSTED 0 > >> > >> To: > >> > >> core ALL_TRUSTED > >> > >> Then the output from "spamassassin -p /etc/mail/mailscanner.cf --lint" > >> gives me a: > >> > >> [22778] warn: config: failed to parse line, skipping: core ALL_TRUSTED 0 > >> [22778] warn: lint: 1 issues detected, please rerun with debug enabled > >> for more information > >> > > > > Um, does it carp if you don't specify "-p /etc/mail/mailscanner.cf " > > too? You shouldn't need use it as a preference file > straws:-)> anymore, since it should be part of the site rules... A > > plain "spamassassin --lint" should suffice. > > > >Erm, what on earth is mailscanner.cf doing in /etc/mail/?? > >it belongs in /etc/mail/spamassassin or /etc/spamassassin, or some other >directory containing the word "spamassassin" depending on how your >SA is configured. > >Realistically you should *NEVER*, EVER under any condition use -p to point to >any site-level file. It should only point to a user level file. > >Mailscanner.cf is NOT a user level file. > >The whole reason mailscanner.cf was created was to ensure it was NOT used as a >user prefs file. mailscanner.cf contains options that are ONLY valid at the >site-wide level. Do NOT pass this -p. It belongs in the SA >site-config directory >so SA always parses it, and to make sure that SA correctly parses it. > >If it's not in the site config directory, SA won't parse it when >mailscanner runs. > >New versions of Mailscanner do NOT pass mailscanner.cf as a user prefs file, >thus by adding -p you are changing the behavior of spamassassin to >be different >than what Mailscanner does with it. > >I know this is contrary to how old versions of MS worked. In old versions, >spam.assassin.prefs.conf was passed as a user_prefs replacement. However, This >file kept pushing options in which are only valid at the site level. It also >pushed options such as bayes_path which need to be passed to all >instances of sa >on the system, such as sa-learn. > >After some prodding, Julian finally created MailScanner.cf, a file >to be placed >alongside local.cf and other site-wide config files. This way any call to SA >automatically parses this file. > This is what got my pulse going yesterday and prompted me to join the thread! This plopped into my personal mail address and the only reason it did not get tagged was due to the ALL_TRUSTED rule. Subject: [#yruxdjtp] Shaved Teen Bending from Over & Showing Upskirt Movies MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-1bigthink.com-MailScanner-SpamCheck: not spam, SpamAssassin (score=3.917, required 5, ALL_TRUSTED -3.30, BAYES_50 0.00, HOT_NASTY 0.09, SARE_ADULT2 1.67, URIBL_JP_SURBL 4.00, URIBL_WS_SURBL 1.46) I operate on Sprint public IP space that is not NAT'd. I am priviledged to answer my own PTR - RDNS. No gateway. I do not have any trusted hosts defined. Here is the output of my ' spamassassin --lint -D' debug: SpamAssassin version 3.0.3 debug: Score set 0 chosen. debug: running in taint mode? yes debug: Running in taint mode, removing unsafe env vars, and resetting PATH debug: PATH included '/usr/kerberos/sbin', keeping. debug: PATH included '/usr/kerberos/bin', keeping. debug: PATH included '/usr/local/sbin', keeping. debug: PATH included '/usr/local/bin', keeping. debug: PATH included '/sbin', keeping. debug: PATH included '/bin', keeping. debug: PATH included '/usr/sbin', keeping. debug: PATH included '/usr/bin', keeping. debug: PATH included '/usr/X11R6/bin', keeping. debug: PATH included '/root/bin', which doesn't exist, dropping. debug: Final PATH set to: /usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin debug: diag: module installed: DBI, version 1.32 debug: diag: module installed: DB_File, version 1.810 debug: diag: module installed: Digest::SHA1, version 2.10 debug: diag: module installed: IO::Socket::UNIX, version 1.2 debug: diag: module installed: MIME::Base64, version 2.12 debug: diag: module installed: Net::DNS, version 0.48 debug: diag: module not installed: Net::LDAP ('require' failed) debug: diag: module not installed: Razor2::Client::Agent ('require' failed) debug: diag: module installed: Storable, version 2.06 debug: diag: module installed: URI, version 1.35 debug: ignore: using a test message to lint rules debug: using "/etc/mail/spamassassin/init.pre" for site rules init.pre debug: config: read file /etc/mail/spamassassin/init.pre debug: using "/usr/share/spamassassin" for default rules dir debug: config: read file /usr/share/spamassassin/10_misc.cf debug: config: read file /usr/share/spamassassin/20_anti_ratware.cf debug: config: read file /usr/share/spamassassin/20_body_tests.cf debug: config: read file /usr/share/spamassassin/20_compensate.cf debug: config: read file /usr/share/spamassassin/20_dnsbl_tests.cf debug: config: read file /usr/share/spamassassin/20_drugs.cf debug: config: read file /usr/share/spamassassin/20_fake_helo_tests.cf debug: config: read file /usr/share/spamassassin/20_head_tests.cf debug: config: read file /usr/share/spamassassin/20_html_tests.cf debug: config: read file /usr/share/spamassassin/20_meta_tests.cf debug: config: read file /usr/share/spamassassin/20_phrases.cf debug: config: read file /usr/share/spamassassin/20_porn.cf debug: config: read file /usr/share/spamassassin/20_ratware.cf debug: config: read file /usr/share/spamassassin/20_uri_tests.cf debug: config: read file /usr/share/spamassassin/23_bayes.cf debug: config: read file /usr/share/spamassassin/25_body_tests_es.cf debug: config: read file /usr/share/spamassassin/25_hashcash.cf debug: config: read file /usr/share/spamassassin/25_spf.cf debug: config: read file /usr/share/spamassassin/25_uribl.cf debug: config: read file /usr/share/spamassassin/30_text_de.cf debug: config: read file /usr/share/spamassassin/30_text_fr.cf debug: config: read file /usr/share/spamassassin/30_text_nl.cf debug: config: read file /usr/share/spamassassin/30_text_pl.cf debug: config: read file /usr/share/spamassassin/50_scores.cf debug: config: read file /usr/share/spamassassin/60_whitelist.cf debug: using "/etc/mail/spamassassin" for site rules dir debug: config: read file /etc/mail/spamassassin/70_sare_adult.cf debug: config: read file /etc/mail/spamassassin/70_sare_bayes_poison_nxm.cf debug: config: read file /etc/mail/spamassassin/70_sare_evilnum0.cf debug: config: read file /etc/mail/spamassassin/70_sare_genlsubj0.cf debug: config: read file /etc/mail/spamassassin/70_sare_genlsubj1.cf debug: config: read file /etc/mail/spamassassin/70_sare_header.cf debug: config: read file /etc/mail/spamassassin/70_sare_header0.cf debug: config: read file /etc/mail/spamassassin/70_sare_header1.cf debug: config: read file /etc/mail/spamassassin/70_sare_html.cf debug: config: read file /etc/mail/spamassassin/70_sare_html0.cf debug: config: read file /etc/mail/spamassassin/70_sare_html1.cf debug: config: read file /etc/mail/spamassassin/70_sare_oem.cf debug: config: read file /etc/mail/spamassassin/70_sare_random.cf debug: config: read file /etc/mail/spamassassin/70_sare_specific.cf debug: config: read file /etc/mail/spamassassin/70_sare_spoof.cf debug: config: read file /etc/mail/spamassassin/70_sare_unsub.cf debug: config: read file /etc/mail/spamassassin/70_sare_uri0.cf debug: config: read file /etc/mail/spamassassin/72_sare_bml_post25x.cf debug: config: read file /etc/mail/spamassassin/72_sare_redirect_post3.0.0.cf debug: config: read file /etc/mail/spamassassin/99_sare_fraud_post25x.cf debug: config: read file /etc/mail/spamassassin/local.cf debug: config: read file /etc/mail/spamassassin/tripwire.cf debug: using "/root/.spamassassin" for user state dir debug: using "/root/.spamassassin/user_prefs" for user prefs file debug: config: read file /root/.spamassassin/user_prefs debug: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC debug: plugin: registered Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8c3ef2c) debug: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC debug: plugin: registered Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8c28168) debug: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC debug: plugin: registered Mail::SpamAssassin::Plugin::SPF=HASH(0x8c6fe78) debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8c3ef2c) implements 'parse_config' debug: plugin: Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8c28168) implements 'parse_config' debug: using "/root/.spamassassin" for user state dir debug: bayes: 28513 tie-ing to DB file R/O /root/.spamassassin/bayes_toks debug: bayes: 28513 tie-ing to DB file R/O /root/.spamassassin/bayes_seen debug: bayes: found bayes db version 3 debug: using "/root/.spamassassin" for user state dir debug: Score set 3 chosen. debug: ---- MIME PARSER START ---- debug: main message type: text/plain debug: parsing normal part debug: added part, type: text/plain debug: ---- MIME PARSER END ---- debug: metadata: X-Spam-Relays-Trusted: debug: metadata: X-Spam-Relays-Untrusted: debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8c3ef2c) implements 'parsed_metadata' debug: is Net::DNS::Resolver available? yes debug: Net::DNS version: 0.48 debug: trying (3) gmx.net... debug: looking up NS for 'gmx.net' debug: NS lookup of gmx.net succeeded => Dns available (set dns_available to hardcode) debug: is DNS available? 1 debug: decoding: no encoding detected debug: URIDNSBL: domains to query: debug: all '*From' addrs: ignore@compiling.spamassassin.taint.org debug: Running tests for priority: 0 debug: running header regexp tests; score so far=0 debug: registering glue method for check_hashcash_double_spend (Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8c28168)) debug: registering glue method for check_for_spf_helo_pass (Mail::SpamAssassin::Plugin::SPF=HASH(0x8c6fe78)) debug: SPF: message was delivered entirely via trusted relays, not required debug: registering glue method for check_hashcash_value (Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8c28168)) debug: all '*To' addrs: debug: registering glue method for check_for_spf_softfail (Mail::SpamAssassin::Plugin::SPF=HASH(0x8c6fe78)) debug: SPF: message was delivered entirely via trusted relays, not required debug: registering glue method for check_for_spf_pass (Mail::SpamAssassin::Plugin::SPF=HASH(0x8c6fe78)) debug: registering glue method for check_for_spf_helo_softfail (Mail::SpamAssassin::Plugin::SPF=HASH(0x8c6fe78)) debug: registering glue method for check_for_spf_fail (Mail::SpamAssassin::Plugin::SPF=HASH(0x8c6fe78)) debug: registering glue method for check_for_spf_helo_fail (Mail::SpamAssassin::Plugin::SPF=HASH(0x8c6fe78)) debug: running body-text per-line regexp tests; score so far=-3.174 debug: running uri tests; score so far=-3.174 debug: registering glue method for check_uridnsbl (Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8c3ef2c)) debug: bayes corpus size: nspam = 4620, nham = 408 debug: tokenize: header tokens for *F = "U*ignore D*compiling.spamassassin.taint.org D*spamassassin.taint.org D*taint.org D*org" debug: tokenize: header tokens for *m = " 1138895936 lint_rules " debug: tokenize: header tokens for *RT = " " debug: tokenize: header tokens for *RU = " " debug: bayes token 'body' => 0.946350853491789 debug: bayes token 'H*Ad:D*org' => 0.0946204880029939 debug: bayes: score = 0.429821922703648 debug: bayes: 28513 untie-ing debug: bayes: 28513 untie-ing db_toks debug: bayes: 28513 untie-ing db_seen debug: Razor2 is not available debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8c3ef2c) implements 'check_tick' debug: running raw-body-text per-line regexp tests; score so far=-3.173 debug: running full-text regexp tests; score so far=-3.173 debug: Razor2 is not available debug: Current PATH is: /usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin debug: Pyzor is not available: pyzor not found debug: DCCifd is not available: no r/w dccifd socket found. debug: DCC is not available: no executable dccproc found. debug: Running tests for priority: 500 debug: RBL: success for 1 of 1 queries debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8c3ef2c) implements 'check_post_dnsbl' debug: running meta tests; score so far=-3.173 debug: running header regexp tests; score so far=-1.947 debug: running body-text per-line regexp tests; score so far=-1.947 debug: running uri tests; score so far=-1.947 debug: running raw-body-text per-line regexp tests; score so far=-1.947 debug: running full-text regexp tests; score so far=-1.947 debug: Running tests for priority: 1000 debug: running meta tests; score so far=-1.947 debug: running header regexp tests; score so far=-1.947 debug: using "/root/.spamassassin" for user state dir debug: lock: 28513 created /root/.spamassassin/auto-whitelist.lock.mxt.1bigthink.com.28513 debug: lock: 28513 trying to get lock on /root/.spamassassin/auto-whitelist with 0 retries debug: lock: 28513 link to /root/.spamassassin/auto-whitelist.lock: link ok debug: Tie-ing to DB file R/W in /root/.spamassassin/auto-whitelist debug: auto-whitelist (db-based): ignore@compiling.spamassassin.taint.org|ip=none scores 0/0 debug: AWL active, pre-score: -1.947, autolearn score: -1.947, mean: undef, IP: undef debug: DB addr list: untie-ing and unlocking. debug: DB addr list: file locked, breaking lock. debug: unlock: 28513 unlink /root/.spamassassin/auto-whitelist.lock debug: Post AWL score: -1.947 debug: running body-text per-line regexp tests; score so far=-1.947 debug: running uri tests; score so far=-1.947 debug: running raw-body-text per-line regexp tests; score so far=-1.947 debug: running full-text regexp tests; score so far=-1.947 debug: is spam? score=-1.947 required=4.57 debug: tests=ALL_TRUSTED,BAYES_50,MISSING_HEADERS,MISSING_SUBJECT,NO_REAL_NAME debug: subtests=__HAS_MSGID,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__NONEMPTY_BODY,__SANE_MSGID,__UNUSABLE_MSGID Any advice greatly appreciated. Comments to the effect that this messagewas a fluke at getting by would be acceptable at this point too. I think I do understand the issue a lot better, now. Thanks, Glenn Parsons From MailScanner at ecs.soton.ac.uk Thu Feb 2 16:10:16 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Feb 2 16:10:30 2006 Subject: Beta to latest stable suggestions In-Reply-To: <013b01c62811$bc9d5360$0705000a@DDF5DW71> References: <002301c62777$bc980a30$0705000a@DDF5DW71><43E130C9.6000906@ecs.soton.ac.uk><003701c62807$29664c50$0705000a@DDF5DW71> <013b01c62811$bc9d5360$0705000a@DDF5DW71> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On 2 Feb 2006, at 16:00, Steve Campbell wrote: > Mr. Field, > > Thanks for the reply and the pointers about the Changelog. The > ChangeLog on the website is the file I was referring to, and the > RPM based download does not include the ChangeLog. Yes it does. /usr/share/doc/mailscanner-4.50.12/html/ChangeLog > I was just curious and was using resources immediately available. > . > I realize you don't write MailWatch, but was just wondering about > your reference to the fact that if I wanted to use MW, I should > upgrade. > > Again, thanks and I download the tar based versions and compare. > > Steve > > ----- Original Message ----- From: "Julian Field" > > To: "MailScanner discussion" > Sent: Thursday, February 02, 2006 9:56 AM > Subject: Re: Beta to latest stable suggestions > > >> -----BEGIN PGP SIGNED MESSAGE----- >> >> I don't write MailWatch, I know nothing about MW changes. >> If you want to see the difference in MailScanner versions 4.50.12 and >> 4.50.15 then extract the ChangeLogs from them both and compare the >> files. >> >> The only MailWatch-related change to MailScanner is the addition of >> one extra configuration option "Always Looked Up Last After Batch" >> which Steve isn't using yet, but will do in the future. >> >> On 2 Feb 2006, at 14:44, Steve Campbell wrote: >> >>> Mr. Field, >>> >>> If you have time, and can elaborate on what the MW changes from >>> 4.50-12 Beta to 4.50-15 might be, I would appreciate it. I was >>> having some problems with MW after upgrading, mostly with the >>> quarantine views, but was not able to track the problem down. >>> >>> I will upgrade this afternoon, and there is no urgency to this at >>> all. I have a work-around. The upgrade will tell me if it fixes the >>> problem. The Changelog lumps all of the changes for 4.50 into one >>> section, so I can't really tell the differences. >>> >>> Thanks for any reply and no big deal if you deem this a waste of >>> time. >>> Thanks for the superb efforts you always seem to provide! >>> >>> Steve Campbell >>> campbell@cnpapers.com >>> Charleston Newspapers >>> >>> ----- Original Message ----- From: "Julian Field" >>> >>> To: "MailScanner discussion" >>> Sent: Wednesday, February 01, 2006 5:06 PM >>> Subject: Re: Beta to latest stable suggestions >>> >>> >>>> >>>> >>>> Steve Campbell wrote: >>>>> I had installed the 4.50-12 Beta last week to get the latest >>>>> configuration file changes. Is there any reason to upgrade to the >>>>> latest stable? >>>> If you want to use MailWatch, then yes. There are a few other >>>> things too. It will be a painless upgrade. >>>>> Should I have changed the "Minimum Supported Status" in the conf >>>>> file to 'Beta' for the Beta release, and what are the results of >>>>> not doing so if I should have changed this? >>>> No, leave that set to Beta or Supported. >>>> I'm going to remove that option altogether in the next release, >>>> it's worthless now. >>>> >>>> -- >>>> Julian Field >>>> www.MailScanner.info >>>> Buy the MailScanner book at www.MailScanner.info/store >>>> Professional Support Services at www.MailScanner.biz >>>> MailScanner thanks transtec Computers for their support >>>> >>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>>> >>>> >>>> -- >>>> This message has been scanned for viruses and >>>> dangerous content by MailScanner, and is >>>> believed to be clean. >>>> >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>> >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >> >> - -- Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> -----BEGIN PGP SIGNATURE----- >> Version: PGP Desktop 9.0.4 (Build 4042) >> >> iQEVAwUBQ+Idkvw32o+k+q+hAQHyWQf/c/+W02pWhGiJQV+psiNXYOicLfeeR2xW >> DD0iqwI6YCPsXWLOCQDssyXGvTQ/xaoBCS55mvoluYlU3sOk0mMJcUX0uikesSd6 >> y1etVkaORm50HlNP0zICNezJArdK2PLOkvO/CYgNT5OBJQKfhSprij0crYFoXyT2 >> evw2wTgoqohTBTxwrL5RslBnU4JfkJ3M51wbf2dPtgy3XTCzIbN2a4y8QUyK5YYd >> 7NqRZPJVbuHMSpR38+yNRG36ZALWogdvUF5CDjsph/En2MyB4E5pOQpJmS1ePgAm >> lKdhIGehMqQk157eIAaLdSRLz7gZBKCJxPs3FfERXVOwzaGau3IHLQ== >> =AJ+F >> -----END PGP SIGNATURE----- >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.4 (Build 4042) iQEVAwUBQ+Iu6vw32o+k+q+hAQHy3Qf/fy/1/2zl08yNdjJCf+z6FmS0q1R0ZPrb rWNyPOb3MadkjqYY3SmF3aXFvEXe0g3FbFlisg7FHyfI3rgQnjKBdVAhyo1SyVuB pFAdWq6k/TgHSSONcqVElPVh2G7v+1DQ0Y1yYlHAqWTfaYhFSFZFBc/BE/8625ye 4y6vRDATNLE3P75FrfLPkzEVurroF74CoaI33BdQPP7P1rw/wTwktyV/j2a9nWxp 2gm+ibWiM/dMvi0S0W9FLgYxk1VmybbatuOZcEUzQBjM1HYW7dzYgEzc1vIf0Oxd gEhccV6yQGqDxZaeaVNmqgELFm6/TJe6q0xzvIpUm6kQtGhDo7LWdQ== =YpxD -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From campbell at cnpapers.com Thu Feb 2 16:32:19 2006 From: campbell at cnpapers.com (Steve Campbell) Date: Thu Feb 2 16:32:54 2006 Subject: Beta to latest stable suggestions References: <002301c62777$bc980a30$0705000a@DDF5DW71><43E130C9.6000906@ecs.soton.ac.uk><003701c62807$29664c50$0705000a@DDF5DW71><013b01c62811$bc9d5360$0705000a@DDF5DW71> Message-ID: <001001c62816$3e184f90$0705000a@DDF5DW71> ----- Original Message ----- From: "Julian Field" To: "MailScanner discussion" Sent: Thursday, February 02, 2006 11:10 AM Subject: Re: Beta to latest stable suggestions > -----BEGIN PGP SIGNED MESSAGE----- > > > On 2 Feb 2006, at 16:00, Steve Campbell wrote: > >> Mr. Field, >> >> Thanks for the reply and the pointers about the Changelog. The >> ChangeLog on the website is the file I was referring to, and the >> RPM based download does not include the ChangeLog. > > Yes it does. > /usr/share/doc/mailscanner-4.50.12/html/ChangeLog > > Apologies to you. I (ain't that always the way it seems) was using the wrong locate/grep combination. Steve >> I was just curious and was using resources immediately available. >> . >> I realize you don't write MailWatch, but was just wondering about >> your reference to the fact that if I wanted to use MW, I should >> upgrade. >> >> Again, thanks and I download the tar based versions and compare. >> >> Steve >> >> ----- Original Message ----- From: "Julian Field" >> >> To: "MailScanner discussion" >> Sent: Thursday, February 02, 2006 9:56 AM >> Subject: Re: Beta to latest stable suggestions >> >> >>> -----BEGIN PGP SIGNED MESSAGE----- >>> >>> I don't write MailWatch, I know nothing about MW changes. >>> If you want to see the difference in MailScanner versions 4.50.12 and >>> 4.50.15 then extract the ChangeLogs from them both and compare the >>> files. >>> >>> The only MailWatch-related change to MailScanner is the addition of >>> one extra configuration option "Always Looked Up Last After Batch" >>> which Steve isn't using yet, but will do in the future. >>> >>> On 2 Feb 2006, at 14:44, Steve Campbell wrote: >>> >>>> Mr. Field, >>>> >>>> If you have time, and can elaborate on what the MW changes from >>>> 4.50-12 Beta to 4.50-15 might be, I would appreciate it. I was >>>> having some problems with MW after upgrading, mostly with the >>>> quarantine views, but was not able to track the problem down. >>>> >>>> I will upgrade this afternoon, and there is no urgency to this at >>>> all. I have a work-around. The upgrade will tell me if it fixes the >>>> problem. The Changelog lumps all of the changes for 4.50 into one >>>> section, so I can't really tell the differences. >>>> >>>> Thanks for any reply and no big deal if you deem this a waste of >>>> time. >>>> Thanks for the superb efforts you always seem to provide! >>>> >>>> Steve Campbell >>>> campbell@cnpapers.com >>>> Charleston Newspapers >>>> >>>> ----- Original Message ----- From: "Julian Field" >>>> >>>> To: "MailScanner discussion" >>>> Sent: Wednesday, February 01, 2006 5:06 PM >>>> Subject: Re: Beta to latest stable suggestions >>>> >>>> >>>>> >>>>> >>>>> Steve Campbell wrote: >>>>>> I had installed the 4.50-12 Beta last week to get the latest >>>>>> configuration file changes. Is there any reason to upgrade to the >>>>>> latest stable? >>>>> If you want to use MailWatch, then yes. There are a few other >>>>> things too. It will be a painless upgrade. >>>>>> Should I have changed the "Minimum Supported Status" in the conf >>>>>> file to 'Beta' for the Beta release, and what are the results of >>>>>> not doing so if I should have changed this? >>>>> No, leave that set to Beta or Supported. >>>>> I'm going to remove that option altogether in the next release, >>>>> it's worthless now. >>>>> >>>>> -- >>>>> Julian Field >>>>> www.MailScanner.info >>>>> Buy the MailScanner book at www.MailScanner.info/store >>>>> Professional Support Services at www.MailScanner.biz >>>>> MailScanner thanks transtec Computers for their support >>>>> >>>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>>>> >>>>> >>>>> -- >>>>> This message has been scanned for viruses and >>>>> dangerous content by MailScanner, and is >>>>> believed to be clean. >>>>> >>>>> -- >>>>> MailScanner mailing list >>>>> mailscanner@lists.mailscanner.info >>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>> >>>>> Before posting, read http://wiki.mailscanner.info/posting >>>>> >>>>> Support MailScanner development - buy the book off the website! >>>> >>>> >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>> >>> - -- Julian Field >>> www.MailScanner.info >>> Buy the MailScanner book at www.MailScanner.info/store >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> >>> >>> -----BEGIN PGP SIGNATURE----- >>> Version: PGP Desktop 9.0.4 (Build 4042) >>> >>> iQEVAwUBQ+Idkvw32o+k+q+hAQHyWQf/c/+W02pWhGiJQV+psiNXYOicLfeeR2xW >>> DD0iqwI6YCPsXWLOCQDssyXGvTQ/xaoBCS55mvoluYlU3sOk0mMJcUX0uikesSd6 >>> y1etVkaORm50HlNP0zICNezJArdK2PLOkvO/CYgNT5OBJQKfhSprij0crYFoXyT2 >>> evw2wTgoqohTBTxwrL5RslBnU4JfkJ3M51wbf2dPtgy3XTCzIbN2a4y8QUyK5YYd >>> 7NqRZPJVbuHMSpR38+yNRG36ZALWogdvUF5CDjsph/En2MyB4E5pOQpJmS1ePgAm >>> lKdhIGehMqQk157eIAaLdSRLz7gZBKCJxPs3FfERXVOwzaGau3IHLQ== >>> =AJ+F >>> -----END PGP SIGNATURE----- >>> >>> -- >>> This message has been scanned for viruses and >>> dangerous content by MailScanner, and is >>> believed to be clean. >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >> >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.4 (Build 4042) > > iQEVAwUBQ+Iu6vw32o+k+q+hAQHy3Qf/fy/1/2zl08yNdjJCf+z6FmS0q1R0ZPrb > rWNyPOb3MadkjqYY3SmF3aXFvEXe0g3FbFlisg7FHyfI3rgQnjKBdVAhyo1SyVuB > pFAdWq6k/TgHSSONcqVElPVh2G7v+1DQ0Y1yYlHAqWTfaYhFSFZFBc/BE/8625ye > 4y6vRDATNLE3P75FrfLPkzEVurroF74CoaI33BdQPP7P1rw/wTwktyV/j2a9nWxp > 2gm+ibWiM/dMvi0S0W9FLgYxk1VmybbatuOZcEUzQBjM1HYW7dzYgEzc1vIf0Oxd > gEhccV6yQGqDxZaeaVNmqgELFm6/TJe6q0xzvIpUm6kQtGhDo7LWdQ== > =YpxD > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From gregg at gbcomputers.com Thu Feb 2 16:33:54 2006 From: gregg at gbcomputers.com (Gregg Berkholtz) Date: Thu Feb 2 16:33:57 2006 Subject: Cannot install DBI with MS 4.50.14 In-Reply-To: References: <20060201182512.GA30959@gbcomputers.com> <43E124E4.6070907@ecs.soton.ac.uk> <20060201220412.GA10311@gbcomputers.com> <6CA19CF5-E8DB-4855-BBC3-3DD2B3D8A136@ecs.soton.ac.uk> <20060202145631.GA7297@gbcomputers.com> Message-ID: <20060202163354.GA9631@gbcomputers.com> I don't have a /etc/sysconfig folder, though a "find / -name i18n" shows a file at /usr/share/i18n/locales/i18n, nothing in it has the string UTF Gregg On Thu, Feb 02, 2006 at 03:15:14PM +0000, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > Does your /etc/sysconfig/i18n file mention UTF-8? > If so, remove all the ".UTF-8" strings from the file, the logout and > log back in again. Then try re-installing that module again. > > On 2 Feb 2006, at 14:56, Gregg Berkholtz wrote: > > > perl -v shows: > > This is perl, v5.6.1 built for i386-linux > > > > Though I'm not seeing any errors about =head3, am I just out of luck? > > > > Gregg > > > > On Thu, Feb 02, 2006 at 09:02:35AM +0000, Julian Field wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- > >> > >> What version of perl are you running? > >> > >> On 1 Feb 2006, at 22:04, Gregg Berkholtz wrote: > >> > >>> > >>> ******************************************************************** > >>> ** > >>> **** > >>> Perl versions below 5.6.1 are no longer supported by the DBI. > >>> Perl versions 5.6.x may fail during installation with a complaint > >>> about the use of =head3 in the pod documentation. > >>> Press return to continue... > >>> ******************************************************************** > >>> ** > >>> **** > >>> > >>> On Wed, Feb 01, 2006 at 09:15:16PM +0000, Julian Field wrote: > >>>> Do > >>>> > >>>> perl -MCPAN -e shell > >>>> install Storable > >>>> quit > >>>> > >>>> Make sure it doesn't start upgrading your entire Perl installation, > >>>> thump Ctrl-C like crazy if it does! > >>>> > >>>> Then try running the install.sh again. > >>>> > >>>> Gregg Berkholtz wrote: > >>>>> It appears I cant install DBI as I'm getting the following error > >>>>> after > >>>>> running > >>>>> MailScanner's install.sh on a Debian 3.0 system. Any assistance > >>>>> is greatly > >>>>> appreciated: > >>>>> From ssilva at sgvwater.com Thu Feb 2 17:02:53 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Feb 2 17:08:42 2006 Subject: ALL_TRUSTED problems In-Reply-To: <6.2.3.4.0.20060202105138.0abb6248@mxt.1bigthink.com> References: <223f97700602011640o2eea2318y@mail.gmail.com> <43E1596B.40101@evi-inc.com> <6.2.3.4.0.20060202105138.0abb6248@mxt.1bigthink.com> Message-ID: dnsadmin 1bigthink.com spake the following on 2/2/2006 8:08 AM: > At 07:59 PM 2/1/2006, you wrote: > >> Glenn Steen wrote: >> > On 01/02/06, Richard Edge wrote: >> >> If I change the line: >> >> >> >> Score ALL_TRUSTED 0 >> >> >> >> To: >> >> >> >> core ALL_TRUSTED >> >> >> >> Then the output from "spamassassin -p /etc/mail/mailscanner.cf --lint" >> >> gives me a: >> >> >> >> [22778] warn: config: failed to parse line, skipping: core >> ALL_TRUSTED 0 >> >> [22778] warn: lint: 1 issues detected, please rerun with debug enabled >> >> for more information >> >> >> > >> > Um, does it carp if you don't specify "-p /etc/mail/mailscanner.cf " >> > too? You shouldn't need use it as a preference file> > straws:-)> anymore, since it should be part of the site rules... A >> > plain "spamassassin --lint" should suffice. >> > >> >> Erm, what on earth is mailscanner.cf doing in /etc/mail/?? >> >> it belongs in /etc/mail/spamassassin or /etc/spamassassin, or some other >> directory containing the word "spamassassin" depending on how your SA >> is configured. >> >> Realistically you should *NEVER*, EVER under any condition use -p to >> point to >> any site-level file. It should only point to a user level file. >> >> Mailscanner.cf is NOT a user level file. >> >> The whole reason mailscanner.cf was created was to ensure it was NOT >> used as a >> user prefs file. mailscanner.cf contains options that are ONLY valid >> at the >> site-wide level. Do NOT pass this -p. It belongs in the SA site-config >> directory >> so SA always parses it, and to make sure that SA correctly parses it. >> >> If it's not in the site config directory, SA won't parse it when >> mailscanner runs. >> >> New versions of Mailscanner do NOT pass mailscanner.cf as a user prefs >> file, >> thus by adding -p you are changing the behavior of spamassassin to be >> different >> than what Mailscanner does with it. >> >> I know this is contrary to how old versions of MS worked. In old >> versions, >> spam.assassin.prefs.conf was passed as a user_prefs replacement. >> However, This >> file kept pushing options in which are only valid at the site level. >> It also >> pushed options such as bayes_path which need to be passed to all >> instances of sa >> on the system, such as sa-learn. >> >> After some prodding, Julian finally created MailScanner.cf, a file to >> be placed >> alongside local.cf and other site-wide config files. This way any call >> to SA >> automatically parses this file. >> > > This is what got my pulse going yesterday and prompted me to join the > thread! This plopped into my personal mail address and the only reason > it did not get tagged was due to the ALL_TRUSTED rule. > > Subject: [#yruxdjtp] Shaved Teen Bending from Over & Showing Upskirt > Movies > MIME-Version: 1.0 > Content-Type: text/plain; charset="iso-8859-1" > Content-Transfer-Encoding: 7bit > > X-1bigthink.com-MailScanner-SpamCheck: not spam, SpamAssassin (score=3.917, > required 5, ALL_TRUSTED -3.30, BAYES_50 0.00, HOT_NASTY 0.09, > SARE_ADULT2 1.67, URIBL_JP_SURBL 4.00, URIBL_WS_SURBL 1.46) > > I operate on Sprint public IP space that is not NAT'd. I am priviledged > to answer my own PTR - RDNS. No gateway. > > I do not have any trusted hosts defined. Here is the output of my ' > spamassassin --lint -D' > > debug: SpamAssassin version 3.0.3 > debug: Score set 0 chosen. > debug: running in taint mode? yes > debug: Running in taint mode, removing unsafe env vars, and resetting PATH > debug: PATH included '/usr/kerberos/sbin', keeping. > debug: PATH included '/usr/kerberos/bin', keeping. > debug: PATH included '/usr/local/sbin', keeping. > debug: PATH included '/usr/local/bin', keeping. > debug: PATH included '/sbin', keeping. > debug: PATH included '/bin', keeping. > debug: PATH included '/usr/sbin', keeping. > debug: PATH included '/usr/bin', keeping. > debug: PATH included '/usr/X11R6/bin', keeping. > debug: PATH included '/root/bin', which doesn't exist, dropping. > debug: Final PATH set to: > /usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin > > debug: diag: module installed: DBI, version 1.32 > debug: diag: module installed: DB_File, version 1.810 > debug: diag: module installed: Digest::SHA1, version 2.10 > debug: diag: module installed: IO::Socket::UNIX, version 1.2 > debug: diag: module installed: MIME::Base64, version 2.12 > debug: diag: module installed: Net::DNS, version 0.48 > debug: diag: module not installed: Net::LDAP ('require' failed) > debug: diag: module not installed: Razor2::Client::Agent ('require' failed) > debug: diag: module installed: Storable, version 2.06 > debug: diag: module installed: URI, version 1.35 > debug: ignore: using a test message to lint rules > debug: using "/etc/mail/spamassassin/init.pre" for site rules init.pre > debug: config: read file /etc/mail/spamassassin/init.pre > debug: using "/usr/share/spamassassin" for default rules dir > debug: config: read file /usr/share/spamassassin/10_misc.cf > debug: config: read file /usr/share/spamassassin/20_anti_ratware.cf > debug: config: read file /usr/share/spamassassin/20_body_tests.cf > debug: config: read file /usr/share/spamassassin/20_compensate.cf > debug: config: read file /usr/share/spamassassin/20_dnsbl_tests.cf > debug: config: read file /usr/share/spamassassin/20_drugs.cf > debug: config: read file /usr/share/spamassassin/20_fake_helo_tests.cf > debug: config: read file /usr/share/spamassassin/20_head_tests.cf > debug: config: read file /usr/share/spamassassin/20_html_tests.cf > debug: config: read file /usr/share/spamassassin/20_meta_tests.cf > debug: config: read file /usr/share/spamassassin/20_phrases.cf > debug: config: read file /usr/share/spamassassin/20_porn.cf > debug: config: read file /usr/share/spamassassin/20_ratware.cf > debug: config: read file /usr/share/spamassassin/20_uri_tests.cf > debug: config: read file /usr/share/spamassassin/23_bayes.cf > debug: config: read file /usr/share/spamassassin/25_body_tests_es.cf > debug: config: read file /usr/share/spamassassin/25_hashcash.cf > debug: config: read file /usr/share/spamassassin/25_spf.cf > debug: config: read file /usr/share/spamassassin/25_uribl.cf > debug: config: read file /usr/share/spamassassin/30_text_de.cf > debug: config: read file /usr/share/spamassassin/30_text_fr.cf > debug: config: read file /usr/share/spamassassin/30_text_nl.cf > debug: config: read file /usr/share/spamassassin/30_text_pl.cf > debug: config: read file /usr/share/spamassassin/50_scores.cf > debug: config: read file /usr/share/spamassassin/60_whitelist.cf > debug: using "/etc/mail/spamassassin" for site rules dir > debug: config: read file /etc/mail/spamassassin/70_sare_adult.cf > debug: config: read file /etc/mail/spamassassin/70_sare_bayes_poison_nxm.cf > debug: config: read file /etc/mail/spamassassin/70_sare_evilnum0.cf > debug: config: read file /etc/mail/spamassassin/70_sare_genlsubj0.cf > debug: config: read file /etc/mail/spamassassin/70_sare_genlsubj1.cf > debug: config: read file /etc/mail/spamassassin/70_sare_header.cf > debug: config: read file /etc/mail/spamassassin/70_sare_header0.cf > debug: config: read file /etc/mail/spamassassin/70_sare_header1.cf > debug: config: read file /etc/mail/spamassassin/70_sare_html.cf > debug: config: read file /etc/mail/spamassassin/70_sare_html0.cf > debug: config: read file /etc/mail/spamassassin/70_sare_html1.cf > debug: config: read file /etc/mail/spamassassin/70_sare_oem.cf > debug: config: read file /etc/mail/spamassassin/70_sare_random.cf > debug: config: read file /etc/mail/spamassassin/70_sare_specific.cf > debug: config: read file /etc/mail/spamassassin/70_sare_spoof.cf > debug: config: read file /etc/mail/spamassassin/70_sare_unsub.cf > debug: config: read file /etc/mail/spamassassin/70_sare_uri0.cf > debug: config: read file /etc/mail/spamassassin/72_sare_bml_post25x.cf > debug: config: read file > /etc/mail/spamassassin/72_sare_redirect_post3.0.0.cf > debug: config: read file /etc/mail/spamassassin/99_sare_fraud_post25x.cf > debug: config: read file /etc/mail/spamassassin/local.cf > debug: config: read file /etc/mail/spamassassin/tripwire.cf > debug: using "/root/.spamassassin" for user state dir > debug: using "/root/.spamassassin/user_prefs" for user prefs file > debug: config: read file /root/.spamassassin/user_prefs > debug: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC > debug: plugin: registered > Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8c3ef2c) > debug: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC > debug: plugin: registered > Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8c28168) > debug: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC > debug: plugin: registered Mail::SpamAssassin::Plugin::SPF=HASH(0x8c6fe78) > debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8c3ef2c) > implements 'parse_config' > debug: plugin: Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8c28168) > implements 'parse_config' > debug: using "/root/.spamassassin" for user state dir > debug: bayes: 28513 tie-ing to DB file R/O /root/.spamassassin/bayes_toks > debug: bayes: 28513 tie-ing to DB file R/O /root/.spamassassin/bayes_seen > debug: bayes: found bayes db version 3 > debug: using "/root/.spamassassin" for user state dir > debug: Score set 3 chosen. > debug: ---- MIME PARSER START ---- > debug: main message type: text/plain > debug: parsing normal part > debug: added part, type: text/plain > debug: ---- MIME PARSER END ---- > debug: metadata: X-Spam-Relays-Trusted: > debug: metadata: X-Spam-Relays-Untrusted: > debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8c3ef2c) > implements 'parsed_metadata' > debug: is Net::DNS::Resolver available? yes > debug: Net::DNS version: 0.48 > debug: trying (3) gmx.net... > debug: looking up NS for 'gmx.net' > debug: NS lookup of gmx.net succeeded => Dns available (set > dns_available to hardcode) > debug: is DNS available? 1 > debug: decoding: no encoding detected > debug: URIDNSBL: domains to query: > debug: all '*From' addrs: ignore@compiling.spamassassin.taint.org > debug: Running tests for priority: 0 > debug: running header regexp tests; score so far=0 > debug: registering glue method for check_hashcash_double_spend > (Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8c28168)) > debug: registering glue method for check_for_spf_helo_pass > (Mail::SpamAssassin::Plugin::SPF=HASH(0x8c6fe78)) > debug: SPF: message was delivered entirely via trusted relays, not required > debug: registering glue method for check_hashcash_value > (Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8c28168)) > debug: all '*To' addrs: > debug: registering glue method for check_for_spf_softfail > (Mail::SpamAssassin::Plugin::SPF=HASH(0x8c6fe78)) > debug: SPF: message was delivered entirely via trusted relays, not required > debug: registering glue method for check_for_spf_pass > (Mail::SpamAssassin::Plugin::SPF=HASH(0x8c6fe78)) > debug: registering glue method for check_for_spf_helo_softfail > (Mail::SpamAssassin::Plugin::SPF=HASH(0x8c6fe78)) > debug: registering glue method for check_for_spf_fail > (Mail::SpamAssassin::Plugin::SPF=HASH(0x8c6fe78)) > debug: registering glue method for check_for_spf_helo_fail > (Mail::SpamAssassin::Plugin::SPF=HASH(0x8c6fe78)) > debug: running body-text per-line regexp tests; score so far=-3.174 > debug: running uri tests; score so far=-3.174 > debug: registering glue method for check_uridnsbl > (Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8c3ef2c)) > debug: bayes corpus size: nspam = 4620, nham = 408 > debug: tokenize: header tokens for *F = "U*ignore > D*compiling.spamassassin.taint.org D*spamassassin.taint.org D*taint.org > D*org" > debug: tokenize: header tokens for *m = " 1138895936 lint_rules " > debug: tokenize: header tokens for *RT = " " > debug: tokenize: header tokens for *RU = " " > debug: bayes token 'body' => 0.946350853491789 > debug: bayes token 'H*Ad:D*org' => 0.0946204880029939 > debug: bayes: score = 0.429821922703648 > debug: bayes: 28513 untie-ing > debug: bayes: 28513 untie-ing db_toks > debug: bayes: 28513 untie-ing db_seen > debug: Razor2 is not available > debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8c3ef2c) > implements 'check_tick' > debug: running raw-body-text per-line regexp tests; score so far=-3.173 > debug: running full-text regexp tests; score so far=-3.173 > debug: Razor2 is not available > debug: Current PATH is: > /usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin > > debug: Pyzor is not available: pyzor not found > debug: DCCifd is not available: no r/w dccifd socket found. > debug: DCC is not available: no executable dccproc found. > debug: Running tests for priority: 500 > debug: RBL: success for 1 of 1 queries > debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8c3ef2c) > implements 'check_post_dnsbl' > debug: running meta tests; score so far=-3.173 > debug: running header regexp tests; score so far=-1.947 > debug: running body-text per-line regexp tests; score so far=-1.947 > debug: running uri tests; score so far=-1.947 > debug: running raw-body-text per-line regexp tests; score so far=-1.947 > debug: running full-text regexp tests; score so far=-1.947 > debug: Running tests for priority: 1000 > debug: running meta tests; score so far=-1.947 > debug: running header regexp tests; score so far=-1.947 > debug: using "/root/.spamassassin" for user state dir > debug: lock: 28513 created > /root/.spamassassin/auto-whitelist.lock.mxt.1bigthink.com.28513 > debug: lock: 28513 trying to get lock on > /root/.spamassassin/auto-whitelist with 0 retries > debug: lock: 28513 link to /root/.spamassassin/auto-whitelist.lock: link ok > debug: Tie-ing to DB file R/W in /root/.spamassassin/auto-whitelist > debug: auto-whitelist (db-based): > ignore@compiling.spamassassin.taint.org|ip=none scores 0/0 > debug: AWL active, pre-score: -1.947, autolearn score: -1.947, mean: > undef, IP: undef > debug: DB addr list: untie-ing and unlocking. > debug: DB addr list: file locked, breaking lock. > debug: unlock: 28513 unlink /root/.spamassassin/auto-whitelist.lock > debug: Post AWL score: -1.947 > debug: running body-text per-line regexp tests; score so far=-1.947 > debug: running uri tests; score so far=-1.947 > debug: running raw-body-text per-line regexp tests; score so far=-1.947 > debug: running full-text regexp tests; score so far=-1.947 > debug: is spam? score=-1.947 required=4.57 > debug: > tests=ALL_TRUSTED,BAYES_50,MISSING_HEADERS,MISSING_SUBJECT,NO_REAL_NAME > debug: > subtests=__HAS_MSGID,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__NONEMPTY_BODY,__SANE_MSGID,__UNUSABLE_MSGID > > > Any advice greatly appreciated. Comments to the effect that this > messagewas a fluke at getting by would be acceptable at this point too. > I think I do understand the issue a lot better, now. > > Thanks, > Glenn Parsons Have you considered upgrading to spamassassin 3.1.0? Maybe a munged file in spamassassin, and the upgrade might kick it into submission. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From dmehler26 at woh.rr.com Thu Feb 2 17:06:12 2006 From: dmehler26 at woh.rr.com (Dave) Date: Thu Feb 2 17:15:25 2006 Subject: mailscanner and perdomain white and blacklists References: <003f01c62787$c3f61370$0200a8c0@satellite> <43E157B3.3060109@taz-mania.com> Message-ID: <002701c6281a$f8ca5c30$0200a8c0@satellite> Hi, Thanks for your reply. I'm taking over this box from a previous guy, mailwatch might already be setup, mysql is although i don't know if it's integrated in to mailscanner, about ten things are flagged first. Do you have a howto on setting mailscanner, mailwatch, and mysql up? I'm particularly needing the how individual users can manage their own lists part? Thanks a lot. Dave. ----- Original Message ----- From: "Dennis Willson" To: "MailScanner discussion" Sent: Wednesday, February 01, 2006 7:52 PM Subject: Re: mailscanner and perdomain white and blacklists > Try using mailwatch.... It does this very nicely and uses a mysql database > for the white and black lists. There is even a way for the users to manage > their own lists. > > Dave wrote: >> Hello, >> I've got a mailscanner install with sendmail. It's working fine and >> it's working for multiple users. Now i'm getting requests from user a to >> add a username/domain to a blacklist file and user b to add another >> username/domain to a whitelist file. These i'm thinking should be >> separate as they are separate domains. This is on an fc4 box. Is this >> doable, any help appreciated. >> Thanks. >> Dave. >> > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From dmehler26 at woh.rr.com Thu Feb 2 17:09:49 2006 From: dmehler26 at woh.rr.com (Dave) Date: Thu Feb 2 17:19:05 2006 Subject: mailscanner and perdomain white and blacklists References: <003f01c62787$c3f61370$0200a8c0@satellite> <46930868-3367-42BE-91FD-75B47F99B677@ecs.soton.ac.uk> Message-ID: <002b01c6281b$79cb1c20$0200a8c0@satellite> Hi Julian, Thanks for your reply. I haven't had a moment yet to check out that boxes mailscanner.conf except except just a quick overview of the mta-specific settings. Can the spam whitelists and blacklists be used on a perdomain basis? For example, i've got domain1.com and domain2.com. The user at domain1.com wants a user added to his spam whitelist while the user at domain2.com wants a spammer added to his spam blacklist. Ideally i believe these users at domain 1 and 2 .com want independent lists. Thanks a lot. Dave. ----- Original Message ----- From: "Julian Field" To: "MailScanner discussion" Sent: Thursday, February 02, 2006 4:09 AM Subject: Re: mailscanner and perdomain white and blacklists > -----BEGIN PGP SIGNED MESSAGE----- > > On 1 Feb 2006, at 23:32, Dave wrote: > >> Hello, >> I've got a mailscanner install with sendmail. It's working fine >> and it's working for multiple users. Now i'm getting requests from >> user a to add a username/domain to a blacklist file and user b to >> add another username/domain to a whitelist file. These i'm thinking >> should be separate as they are separate domains. This is on an fc4 >> box. Is this doable, any help appreciated. >> Thanks. >> Dave. > > Blacklist or whitelist in what sense? You basically just need a > couple of rulesets, one for your blacklist and one for your > whitelist. There is already a spam.whitelist.rules which you can use > as a sample from which to create and use a spam.blacklist.rules file. > Look in MailScanner.conf for spam.whitelist.rules and you will see > how to refer a setting to a rules file. > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.4 (Build 4042) > > iQEVAwUBQ+HMSPw32o+k+q+hAQFcjgf/b7C67K+nPF2k5yRxvHN4rmRhxSQuV+Eo > ALqzDcgMPMNSnHGBTC2S0C+XPgzx0Fa3RIMzw7vMIHDuL6O5Gme4C2Hco4B6+taX > vKISOpZ3mWI0HVWPYfytXBZwCBYG0MJBrIXDOr5pH/+R2HRxfQ0UGRkt63nojNiH > D668v55qOGNMjxGx0JR9qLJNQhxtFaGMBvmZ8D5j74B1H+UX/yhL15hXgvST1lyO > rQgiX+Fmc4ZIFhgc6G362AC5iSIh2ebXrYnyo9mt2Jdzu2KTScZjR7A0xKiPWOf5 > uVmaHMRFV8TVe+068DKrdpnT0l9BDGuwW1aFznE5vAk2hCL3rz6jTA== > =2N0u > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Feb 2 17:28:42 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Feb 2 17:28:44 2006 Subject: mailscanner and perdomain white and blacklists In-Reply-To: <002b01c6281b$79cb1c20$0200a8c0@satellite> References: <003f01c62787$c3f61370$0200a8c0@satellite> <46930868-3367-42BE-91FD-75B47F99B677@ecs.soton.ac.uk> <002b01c6281b$79cb1c20$0200a8c0@satellite> Message-ID: <43E2414A.90901@ecs.soton.ac.uk> There is code to do this in CustomConfig.pm in /usr/lib/MailScanner/MailScanner. There is documentation in there that will tell you how to enable the code and how to set everything up for it. Look for the Per-Domain whitelist and blacklist code and you'll find it, there is code in the same file for other add-on features as well. If you have trouble setting it up or getting it basically working, then give me a shout (possibly on IRC) and I'll try to help where I can. It's not hard, you don't have to write any code or anything to make it all work :-) Dave wrote: > Hi Julian, > Thanks for your reply. I haven't had a moment yet to check out that > boxes mailscanner.conf except except just a quick overview of the > mta-specific settings. Can the spam whitelists and blacklists be used > on a perdomain basis? For example, i've got domain1.com and > domain2.com. The user at domain1.com wants a user added to his spam > whitelist while the user at domain2.com wants a spammer added to his > spam blacklist. Ideally i believe these users at domain 1 and 2 .com > want independent lists. > Thanks a lot. > Dave. > > ----- Original Message ----- From: "Julian Field" > > To: "MailScanner discussion" > Sent: Thursday, February 02, 2006 4:09 AM > Subject: Re: mailscanner and perdomain white and blacklists > > >> -----BEGIN PGP SIGNED MESSAGE----- >> >> On 1 Feb 2006, at 23:32, Dave wrote: >> >>> Hello, >>> I've got a mailscanner install with sendmail. It's working fine >>> and it's working for multiple users. Now i'm getting requests from >>> user a to add a username/domain to a blacklist file and user b to >>> add another username/domain to a whitelist file. These i'm thinking >>> should be separate as they are separate domains. This is on an fc4 >>> box. Is this doable, any help appreciated. >>> Thanks. >>> Dave. >> >> Blacklist or whitelist in what sense? You basically just need a >> couple of rulesets, one for your blacklist and one for your >> whitelist. There is already a spam.whitelist.rules which you can use >> as a sample from which to create and use a spam.blacklist.rules file. >> Look in MailScanner.conf for spam.whitelist.rules and you will see >> how to refer a setting to a rules file. >> - -- Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> -----BEGIN PGP SIGNATURE----- >> Version: PGP Desktop 9.0.4 (Build 4042) >> >> iQEVAwUBQ+HMSPw32o+k+q+hAQFcjgf/b7C67K+nPF2k5yRxvHN4rmRhxSQuV+Eo >> ALqzDcgMPMNSnHGBTC2S0C+XPgzx0Fa3RIMzw7vMIHDuL6O5Gme4C2Hco4B6+taX >> vKISOpZ3mWI0HVWPYfytXBZwCBYG0MJBrIXDOr5pH/+R2HRxfQ0UGRkt63nojNiH >> D668v55qOGNMjxGx0JR9qLJNQhxtFaGMBvmZ8D5j74B1H+UX/yhL15hXgvST1lyO >> rQgiX+Fmc4ZIFhgc6G362AC5iSIh2ebXrYnyo9mt2Jdzu2KTScZjR7A0xKiPWOf5 >> uVmaHMRFV8TVe+068DKrdpnT0l9BDGuwW1aFznE5vAk2hCL3rz6jTA== >> =2N0u >> -----END PGP SIGNATURE----- >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From dyioulos at firstbhph.com Thu Feb 2 17:42:33 2006 From: dyioulos at firstbhph.com (Dimitri Yioulos) Date: Thu Feb 2 17:42:39 2006 Subject: mailscanner and perdomain white and blacklists In-Reply-To: <43E2414A.90901@ecs.soton.ac.uk> References: <003f01c62787$c3f61370$0200a8c0@satellite> <002b01c6281b$79cb1c20$0200a8c0@satellite> <43E2414A.90901@ecs.soton.ac.uk> Message-ID: <200602021242.34319.dyioulos@firstbhph.com> Julian, I hope this isn't a totally lame question, but can the directives "Is Definitely Not Spam" and Is Definitely Not Spam" take more than one argument (point to multiple sources? Here's why: I have one colleague who emails me regularly from outside our system. ?His mail is marked as spam (listed in RBL, although his ISP doesn't seem to show up in RBLs). ?I want to whitelist him/exclude him from being scanned. ?I'm using SQLWhiteBlackList.pm, and it works for individual ip addresses. ?I also added a tweak to white/blacklist addresses based on the first three address octets, but I'm not sure it that works. ?As my colleague's ISP uses several mail servers to send his mail, it's problematic to try and add every possible mail server address to the whitelist. ?I've tried adding his email address and our domain to the whitelist, but that doesn't seem to work. ?I also created a file in the MailScanner rules dir called scan.messages.rules, added him, and set Scan Messages = %rules_dir%/scan.messages.rules in MailScanner, but no joy. How do I accomplish this? Regards, Dimitri PS - I cross-posted this to the Mailwatch list because I wasn't sure which was appropriate - apologies if I boo-booed. On Thursday February 02 2006 12:28 pm, Julian Field wrote: > There is code to do this in CustomConfig.pm in > /usr/lib/MailScanner/MailScanner. There is documentation in there that > will tell you how to enable the code and how to set everything up for > it. Look for the Per-Domain whitelist and blacklist code and you'll find > it, there is code in the same file for other add-on features as well. > > If you have trouble setting it up or getting it basically working, then > give me a shout (possibly on IRC) and I'll try to help where I can. > > It's not hard, you don't have to write any code or anything to make it > all work > > :-) > > Dave wrote: > > Hi Julian, > > Thanks for your reply. I haven't had a moment yet to check out that > > boxes mailscanner.conf except except just a quick overview of the > > mta-specific settings. Can the spam whitelists and blacklists be used > > on a perdomain basis? For example, i've got domain1.com and > > domain2.com. The user at domain1.com wants a user added to his spam > > whitelist while the user at domain2.com wants a spammer added to his > > spam blacklist. Ideally i believe these users at domain 1 and 2 .com > > want independent lists. > > Thanks a lot. > > Dave. > > > > ----- Original Message ----- From: "Julian Field" > > > > To: "MailScanner discussion" > > Sent: Thursday, February 02, 2006 4:09 AM > > Subject: Re: mailscanner and perdomain white and blacklists > > > >> -----BEGIN PGP SIGNED MESSAGE----- > >> > >> On 1 Feb 2006, at 23:32, Dave wrote: > >>> Hello, > >>> I've got a mailscanner install with sendmail. It's working fine > >>> and it's working for multiple users. Now i'm getting requests from > >>> user a to add a username/domain to a blacklist file and user b to > >>> add another username/domain to a whitelist file. These i'm thinking > >>> should be separate as they are separate domains. This is on an fc4 > >>> box. Is this doable, any help appreciated. > >>> Thanks. > >>> Dave. > >> > >> Blacklist or whitelist in what sense? You basically just need a > >> couple of rulesets, one for your blacklist and one for your > >> whitelist. There is already a spam.whitelist.rules which you can use > >> as a sample from which to create and use a spam.blacklist.rules file. > >> Look in MailScanner.conf for spam.whitelist.rules and you will see > >> how to refer a setting to a rules file. > >> - -- Julian Field > >> www.MailScanner.info > >> Buy the MailScanner book at www.MailScanner.info/store > >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >> > >> > >> -----BEGIN PGP SIGNATURE----- > >> Version: PGP Desktop 9.0.4 (Build 4042) > >> > >> iQEVAwUBQ+HMSPw32o+k+q+hAQFcjgf/b7C67K+nPF2k5yRxvHN4rmRhxSQuV+Eo > >> ALqzDcgMPMNSnHGBTC2S0C+XPgzx0Fa3RIMzw7vMIHDuL6O5Gme4C2Hco4B6+taX > >> vKISOpZ3mWI0HVWPYfytXBZwCBYG0MJBrIXDOr5pH/+R2HRxfQ0UGRkt63nojNiH > >> D668v55qOGNMjxGx0JR9qLJNQhxtFaGMBvmZ8D5j74B1H+UX/yhL15hXgvST1lyO > >> rQgiX+Fmc4ZIFhgc6G362AC5iSIh2ebXrYnyo9mt2Jdzu2KTScZjR7A0xKiPWOf5 > >> uVmaHMRFV8TVe+068DKrdpnT0l9BDGuwW1aFznE5vAk2hCL3rz6jTA== > >> =2N0u > >> -----END PGP SIGNATURE----- > >> > >> -- > >> This message has been scanned for viruses and > >> dangerous content by MailScanner, and is > >> believed to be clean. > >> > >> -- > >> MailScanner mailing list > >> mailscanner@lists.mailscanner.info > >> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> > >> Before posting, read http://wiki.mailscanner.info/posting > >> > >> Support MailScanner development - buy the book off the website! > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu Feb 2 17:50:01 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Feb 2 17:50:09 2006 Subject: mailscanner and perdomain white and blacklists In-Reply-To: <200602021242.34319.dyioulos@firstbhph.com> References: <003f01c62787$c3f61370$0200a8c0@satellite> <002b01c6281b$79cb1c20$0200a8c0@satellite> <43E2414A.90901@ecs.soton.ac.uk> <200602021242.34319.dyioulos@firstbhph.com> Message-ID: <43E24649.4000105@ecs.soton.ac.uk> Dimitri Yioulos wrote: > Julian, > > I hope this isn't a totally lame question, but can the directives "Is > Definitely Not Spam" and Is Definitely Not Spam" take more than one argument > (point to multiple sources? Here's why: > You can do From: friend@nicesite.com and 152.34. yes into a ruleset. Does that help? If not, I don't quite understand what you are getting at. > I have one colleague who emails me regularly from outside our system. His > mail is marked as spam (listed in RBL, although his ISP doesn't seem to show > up in RBLs). I want to whitelist him/exclude him from being scanned. I'm > using SQLWhiteBlackList.pm, and it works for individual ip addresses. I also > added a tweak to white/blacklist addresses based on the first three address > octets, but I'm not sure it that works. As my colleague's ISP uses several > mail servers to send his mail, it's problematic to try and add every possible > mail server address to the whitelist. I've tried adding his email address > and our domain to the whitelist, but that doesn't seem to work. I also > created a file in the MailScanner rules dir called scan.messages.rules, added > him, and set Scan Messages = %rules_dir%/scan.messages.rules in MailScanner, > but no joy. > > How do I accomplish this? > > Regards, > > Dimitri > > PS - I cross-posted this to the Mailwatch list because I wasn't sure which was > appropriate - apologies if I boo-booed. > > > On Thursday February 02 2006 12:28 pm, Julian Field wrote: > >> There is code to do this in CustomConfig.pm in >> /usr/lib/MailScanner/MailScanner. There is documentation in there that >> will tell you how to enable the code and how to set everything up for >> it. Look for the Per-Domain whitelist and blacklist code and you'll find >> it, there is code in the same file for other add-on features as well. >> >> If you have trouble setting it up or getting it basically working, then >> give me a shout (possibly on IRC) and I'll try to help where I can. >> >> It's not hard, you don't have to write any code or anything to make it >> all work >> >> :-) >> >> Dave wrote: >> >>> Hi Julian, >>> Thanks for your reply. I haven't had a moment yet to check out that >>> boxes mailscanner.conf except except just a quick overview of the >>> mta-specific settings. Can the spam whitelists and blacklists be used >>> on a perdomain basis? For example, i've got domain1.com and >>> domain2.com. The user at domain1.com wants a user added to his spam >>> whitelist while the user at domain2.com wants a spammer added to his >>> spam blacklist. Ideally i believe these users at domain 1 and 2 .com >>> want independent lists. >>> Thanks a lot. >>> Dave. >>> >>> ----- Original Message ----- From: "Julian Field" >>> >>> To: "MailScanner discussion" >>> Sent: Thursday, February 02, 2006 4:09 AM >>> Subject: Re: mailscanner and perdomain white and blacklists >>> >>> >>>> -----BEGIN PGP SIGNED MESSAGE----- >>>> >>>> On 1 Feb 2006, at 23:32, Dave wrote: >>>> >>>>> Hello, >>>>> I've got a mailscanner install with sendmail. It's working fine >>>>> and it's working for multiple users. Now i'm getting requests from >>>>> user a to add a username/domain to a blacklist file and user b to >>>>> add another username/domain to a whitelist file. These i'm thinking >>>>> should be separate as they are separate domains. This is on an fc4 >>>>> box. Is this doable, any help appreciated. >>>>> Thanks. >>>>> Dave. >>>>> >>>> Blacklist or whitelist in what sense? You basically just need a >>>> couple of rulesets, one for your blacklist and one for your >>>> whitelist. There is already a spam.whitelist.rules which you can use >>>> as a sample from which to create and use a spam.blacklist.rules file. >>>> Look in MailScanner.conf for spam.whitelist.rules and you will see >>>> how to refer a setting to a rules file. >>>> - -- Julian Field >>>> www.MailScanner.info >>>> Buy the MailScanner book at www.MailScanner.info/store >>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>>> >>>> >>>> -----BEGIN PGP SIGNATURE----- >>>> Version: PGP Desktop 9.0.4 (Build 4042) >>>> >>>> iQEVAwUBQ+HMSPw32o+k+q+hAQFcjgf/b7C67K+nPF2k5yRxvHN4rmRhxSQuV+Eo >>>> ALqzDcgMPMNSnHGBTC2S0C+XPgzx0Fa3RIMzw7vMIHDuL6O5Gme4C2Hco4B6+taX >>>> vKISOpZ3mWI0HVWPYfytXBZwCBYG0MJBrIXDOr5pH/+R2HRxfQ0UGRkt63nojNiH >>>> D668v55qOGNMjxGx0JR9qLJNQhxtFaGMBvmZ8D5j74B1H+UX/yhL15hXgvST1lyO >>>> rQgiX+Fmc4ZIFhgc6G362AC5iSIh2ebXrYnyo9mt2Jdzu2KTScZjR7A0xKiPWOf5 >>>> uVmaHMRFV8TVe+068DKrdpnT0l9BDGuwW1aFznE5vAk2hCL3rz6jTA== >>>> =2N0u >>>> -----END PGP SIGNATURE----- >>>> >>>> -- >>>> This message has been scanned for viruses and >>>> dangerous content by MailScanner, and is >>>> believed to be clean. >>>> >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >> -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> Professional Support Services at www.MailScanner.biz >> MailScanner thanks transtec Computers for their support >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From dnsadmin at 1bigthink.com Thu Feb 2 17:56:28 2006 From: dnsadmin at 1bigthink.com (dnsadmin 1bigthink.com) Date: Thu Feb 2 17:56:35 2006 Subject: ALL_TRUSTED problems In-Reply-To: References: <223f97700602011640o2eea2318y@mail.gmail.com> <43E1596B.40101@evi-inc.com> <6.2.3.4.0.20060202105138.0abb6248@mxt.1bigthink.com> Message-ID: <6.2.3.4.0.20060202125523.07bbbd60@mxt.1bigthink.com> At 12:02 PM 2/2/2006, you wrote: >dnsadmin 1bigthink.com spake the following on 2/2/2006 8:08 AM: > > At 07:59 PM 2/1/2006, you wrote: > > > >> Glenn Steen wrote: > >> > On 01/02/06, Richard Edge wrote: > >> >> If I change the line: > >> >> > >> >> Score ALL_TRUSTED 0 > >> >> > >> >> To: > >> >> > >> >> core ALL_TRUSTED > >> >> > >> >> Then the output from "spamassassin -p /etc/mail/mailscanner.cf --lint" > >> >> gives me a: > >> >> > >> >> [22778] warn: config: failed to parse line, skipping: core > >> ALL_TRUSTED 0 > >> >> [22778] warn: lint: 1 issues detected, please rerun with debug enabled > >> >> for more information > >> >> > >> > > >> > Um, does it carp if you don't specify "-p /etc/mail/mailscanner.cf " > >> > too? You shouldn't need use it as a preference file >> > straws:-)> anymore, since it should be part of the site rules... A > >> > plain "spamassassin --lint" should suffice. > >> > > >> > >> Erm, what on earth is mailscanner.cf doing in /etc/mail/?? > >> > >> it belongs in /etc/mail/spamassassin or /etc/spamassassin, or some other > >> directory containing the word "spamassassin" depending on how your SA > >> is configured. > >> > >> Realistically you should *NEVER*, EVER under any condition use -p to > >> point to > >> any site-level file. It should only point to a user level file. > >> > >> Mailscanner.cf is NOT a user level file. > >> > >> The whole reason mailscanner.cf was created was to ensure it was NOT > >> used as a > >> user prefs file. mailscanner.cf contains options that are ONLY valid > >> at the > >> site-wide level. Do NOT pass this -p. It belongs in the SA site-config > >> directory > >> so SA always parses it, and to make sure that SA correctly parses it. > >> > >> If it's not in the site config directory, SA won't parse it when > >> mailscanner runs. > >> > >> New versions of Mailscanner do NOT pass mailscanner.cf as a user prefs > >> file, > >> thus by adding -p you are changing the behavior of spamassassin to be > >> different > >> than what Mailscanner does with it. > >> > >> I know this is contrary to how old versions of MS worked. In old > >> versions, > >> spam.assassin.prefs.conf was passed as a user_prefs replacement. > >> However, This > >> file kept pushing options in which are only valid at the site level. > >> It also > >> pushed options such as bayes_path which need to be passed to all > >> instances of sa > >> on the system, such as sa-learn. > >> > >> After some prodding, Julian finally created MailScanner.cf, a file to > >> be placed > >> alongside local.cf and other site-wide config files. This way any call > >> to SA > >> automatically parses this file. > >> > > > > This is what got my pulse going yesterday and prompted me to join the > > thread! This plopped into my personal mail address and the only reason > > it did not get tagged was due to the ALL_TRUSTED rule. > > > > Subject: [#yruxdjtp] Shaved Teen Bending from Over & Showing Upskirt > > Movies > > MIME-Version: 1.0 > > Content-Type: text/plain; charset="iso-8859-1" > > Content-Transfer-Encoding: 7bit > > > > X-1bigthink.com-MailScanner-SpamCheck: not spam, SpamAssassin (score=3.917, > > required 5, ALL_TRUSTED -3.30, BAYES_50 0.00, HOT_NASTY 0.09, > > SARE_ADULT2 1.67, URIBL_JP_SURBL 4.00, URIBL_WS_SURBL 1.46) > > > > I operate on Sprint public IP space that is not NAT'd. I am priviledged > > to answer my own PTR - RDNS. No gateway. > > > > I do not have any trusted hosts defined. Here is the output of my ' > > spamassassin --lint -D' > > > > debug: SpamAssassin version 3.0.3 > > debug: Score set 0 chosen. > > debug: running in taint mode? yes > > debug: Running in taint mode, removing unsafe env vars, and resetting PATH > > debug: PATH included '/usr/kerberos/sbin', keeping. > > debug: PATH included '/usr/kerberos/bin', keeping. > > debug: PATH included '/usr/local/sbin', keeping. > > debug: PATH included '/usr/local/bin', keeping. > > debug: PATH included '/sbin', keeping. > > debug: PATH included '/bin', keeping. > > debug: PATH included '/usr/sbin', keeping. > > debug: PATH included '/usr/bin', keeping. > > debug: PATH included '/usr/X11R6/bin', keeping. > > debug: PATH included '/root/bin', which doesn't exist, dropping. > > debug: Final PATH set to: > > > /usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin > > > > debug: diag: module installed: DBI, version 1.32 > > debug: diag: module installed: DB_File, version 1.810 > > debug: diag: module installed: Digest::SHA1, version 2.10 > > debug: diag: module installed: IO::Socket::UNIX, version 1.2 > > debug: diag: module installed: MIME::Base64, version 2.12 > > debug: diag: module installed: Net::DNS, version 0.48 > > debug: diag: module not installed: Net::LDAP ('require' failed) > > debug: diag: module not installed: Razor2::Client::Agent ('require' failed) > > debug: diag: module installed: Storable, version 2.06 > > debug: diag: module installed: URI, version 1.35 > > debug: ignore: using a test message to lint rules > > debug: using "/etc/mail/spamassassin/init.pre" for site rules init.pre > > debug: config: read file /etc/mail/spamassassin/init.pre > > debug: using "/usr/share/spamassassin" for default rules dir > > debug: config: read file /usr/share/spamassassin/10_misc.cf > > debug: config: read file /usr/share/spamassassin/20_anti_ratware.cf > > debug: config: read file /usr/share/spamassassin/20_body_tests.cf > > debug: config: read file /usr/share/spamassassin/20_compensate.cf > > debug: config: read file /usr/share/spamassassin/20_dnsbl_tests.cf > > debug: config: read file /usr/share/spamassassin/20_drugs.cf > > debug: config: read file /usr/share/spamassassin/20_fake_helo_tests.cf > > debug: config: read file /usr/share/spamassassin/20_head_tests.cf > > debug: config: read file /usr/share/spamassassin/20_html_tests.cf > > debug: config: read file /usr/share/spamassassin/20_meta_tests.cf > > debug: config: read file /usr/share/spamassassin/20_phrases.cf > > debug: config: read file /usr/share/spamassassin/20_porn.cf > > debug: config: read file /usr/share/spamassassin/20_ratware.cf > > debug: config: read file /usr/share/spamassassin/20_uri_tests.cf > > debug: config: read file /usr/share/spamassassin/23_bayes.cf > > debug: config: read file /usr/share/spamassassin/25_body_tests_es.cf > > debug: config: read file /usr/share/spamassassin/25_hashcash.cf > > debug: config: read file /usr/share/spamassassin/25_spf.cf > > debug: config: read file /usr/share/spamassassin/25_uribl.cf > > debug: config: read file /usr/share/spamassassin/30_text_de.cf > > debug: config: read file /usr/share/spamassassin/30_text_fr.cf > > debug: config: read file /usr/share/spamassassin/30_text_nl.cf > > debug: config: read file /usr/share/spamassassin/30_text_pl.cf > > debug: config: read file /usr/share/spamassassin/50_scores.cf > > debug: config: read file /usr/share/spamassassin/60_whitelist.cf > > debug: using "/etc/mail/spamassassin" for site rules dir > > debug: config: read file /etc/mail/spamassassin/70_sare_adult.cf > > debug: config: read file /etc/mail/spamassassin/70_sare_bayes_poison_nxm.cf > > debug: config: read file /etc/mail/spamassassin/70_sare_evilnum0.cf > > debug: config: read file /etc/mail/spamassassin/70_sare_genlsubj0.cf > > debug: config: read file /etc/mail/spamassassin/70_sare_genlsubj1.cf > > debug: config: read file /etc/mail/spamassassin/70_sare_header.cf > > debug: config: read file /etc/mail/spamassassin/70_sare_header0.cf > > debug: config: read file /etc/mail/spamassassin/70_sare_header1.cf > > debug: config: read file /etc/mail/spamassassin/70_sare_html.cf > > debug: config: read file /etc/mail/spamassassin/70_sare_html0.cf > > debug: config: read file /etc/mail/spamassassin/70_sare_html1.cf > > debug: config: read file /etc/mail/spamassassin/70_sare_oem.cf > > debug: config: read file /etc/mail/spamassassin/70_sare_random.cf > > debug: config: read file /etc/mail/spamassassin/70_sare_specific.cf > > debug: config: read file /etc/mail/spamassassin/70_sare_spoof.cf > > debug: config: read file /etc/mail/spamassassin/70_sare_unsub.cf > > debug: config: read file /etc/mail/spamassassin/70_sare_uri0.cf > > debug: config: read file /etc/mail/spamassassin/72_sare_bml_post25x.cf > > debug: config: read file > > /etc/mail/spamassassin/72_sare_redirect_post3.0.0.cf > > debug: config: read file /etc/mail/spamassassin/99_sare_fraud_post25x.cf > > debug: config: read file /etc/mail/spamassassin/local.cf > > debug: config: read file /etc/mail/spamassassin/tripwire.cf > > debug: using "/root/.spamassassin" for user state dir > > debug: using "/root/.spamassassin/user_prefs" for user prefs file > > debug: config: read file /root/.spamassassin/user_prefs > > debug: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC > > debug: plugin: registered > > Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8c3ef2c) > > debug: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC > > debug: plugin: registered > > Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8c28168) > > debug: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC > > debug: plugin: registered Mail::SpamAssassin::Plugin::SPF=HASH(0x8c6fe78) > > debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8c3ef2c) > > implements 'parse_config' > > debug: plugin: Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8c28168) > > implements 'parse_config' > > debug: using "/root/.spamassassin" for user state dir > > debug: bayes: 28513 tie-ing to DB file R/O /root/.spamassassin/bayes_toks > > debug: bayes: 28513 tie-ing to DB file R/O /root/.spamassassin/bayes_seen > > debug: bayes: found bayes db version 3 > > debug: using "/root/.spamassassin" for user state dir > > debug: Score set 3 chosen. > > debug: ---- MIME PARSER START ---- > > debug: main message type: text/plain > > debug: parsing normal part > > debug: added part, type: text/plain > > debug: ---- MIME PARSER END ---- > > debug: metadata: X-Spam-Relays-Trusted: > > debug: metadata: X-Spam-Relays-Untrusted: > > debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8c3ef2c) > > implements 'parsed_metadata' > > debug: is Net::DNS::Resolver available? yes > > debug: Net::DNS version: 0.48 > > debug: trying (3) gmx.net... > > debug: looking up NS for 'gmx.net' > > debug: NS lookup of gmx.net succeeded => Dns available (set > > dns_available to hardcode) > > debug: is DNS available? 1 > > debug: decoding: no encoding detected > > debug: URIDNSBL: domains to query: > > debug: all '*From' addrs: ignore@compiling.spamassassin.taint.org > > debug: Running tests for priority: 0 > > debug: running header regexp tests; score so far=0 > > debug: registering glue method for check_hashcash_double_spend > > (Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8c28168)) > > debug: registering glue method for check_for_spf_helo_pass > > (Mail::SpamAssassin::Plugin::SPF=HASH(0x8c6fe78)) > > debug: SPF: message was delivered entirely via trusted relays, not required > > debug: registering glue method for check_hashcash_value > > (Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8c28168)) > > debug: all '*To' addrs: > > debug: registering glue method for check_for_spf_softfail > > (Mail::SpamAssassin::Plugin::SPF=HASH(0x8c6fe78)) > > debug: SPF: message was delivered entirely via trusted relays, not required > > debug: registering glue method for check_for_spf_pass > > (Mail::SpamAssassin::Plugin::SPF=HASH(0x8c6fe78)) > > debug: registering glue method for check_for_spf_helo_softfail > > (Mail::SpamAssassin::Plugin::SPF=HASH(0x8c6fe78)) > > debug: registering glue method for check_for_spf_fail > > (Mail::SpamAssassin::Plugin::SPF=HASH(0x8c6fe78)) > > debug: registering glue method for check_for_spf_helo_fail > > (Mail::SpamAssassin::Plugin::SPF=HASH(0x8c6fe78)) > > debug: running body-text per-line regexp tests; score so far=-3.174 > > debug: running uri tests; score so far=-3.174 > > debug: registering glue method for check_uridnsbl > > (Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8c3ef2c)) > > debug: bayes corpus size: nspam = 4620, nham = 408 > > debug: tokenize: header tokens for *F = "U*ignore > > D*compiling.spamassassin.taint.org D*spamassassin.taint.org D*taint.org > > D*org" > > debug: tokenize: header tokens for *m = " 1138895936 lint_rules " > > debug: tokenize: header tokens for *RT = " " > > debug: tokenize: header tokens for *RU = " " > > debug: bayes token 'body' => 0.946350853491789 > > debug: bayes token 'H*Ad:D*org' => 0.0946204880029939 > > debug: bayes: score = 0.429821922703648 > > debug: bayes: 28513 untie-ing > > debug: bayes: 28513 untie-ing db_toks > > debug: bayes: 28513 untie-ing db_seen > > debug: Razor2 is not available > > debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8c3ef2c) > > implements 'check_tick' > > debug: running raw-body-text per-line regexp tests; score so far=-3.173 > > debug: running full-text regexp tests; score so far=-3.173 > > debug: Razor2 is not available > > debug: Current PATH is: > > > /usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin > > > > debug: Pyzor is not available: pyzor not found > > debug: DCCifd is not available: no r/w dccifd socket found. > > debug: DCC is not available: no executable dccproc found. > > debug: Running tests for priority: 500 > > debug: RBL: success for 1 of 1 queries > > debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8c3ef2c) > > implements 'check_post_dnsbl' > > debug: running meta tests; score so far=-3.173 > > debug: running header regexp tests; score so far=-1.947 > > debug: running body-text per-line regexp tests; score so far=-1.947 > > debug: running uri tests; score so far=-1.947 > > debug: running raw-body-text per-line regexp tests; score so far=-1.947 > > debug: running full-text regexp tests; score so far=-1.947 > > debug: Running tests for priority: 1000 > > debug: running meta tests; score so far=-1.947 > > debug: running header regexp tests; score so far=-1.947 > > debug: using "/root/.spamassassin" for user state dir > > debug: lock: 28513 created > > /root/.spamassassin/auto-whitelist.lock.mxt.1bigthink.com.28513 > > debug: lock: 28513 trying to get lock on > > /root/.spamassassin/auto-whitelist with 0 retries > > debug: lock: 28513 link to /root/.spamassassin/auto-whitelist.lock: link ok > > debug: Tie-ing to DB file R/W in /root/.spamassassin/auto-whitelist > > debug: auto-whitelist (db-based): > > ignore@compiling.spamassassin.taint.org|ip=none scores 0/0 > > debug: AWL active, pre-score: -1.947, autolearn score: -1.947, mean: > > undef, IP: undef > > debug: DB addr list: untie-ing and unlocking. > > debug: DB addr list: file locked, breaking lock. > > debug: unlock: 28513 unlink /root/.spamassassin/auto-whitelist.lock > > debug: Post AWL score: -1.947 > > debug: running body-text per-line regexp tests; score so far=-1.947 > > debug: running uri tests; score so far=-1.947 > > debug: running raw-body-text per-line regexp tests; score so far=-1.947 > > debug: running full-text regexp tests; score so far=-1.947 > > debug: is spam? score=-1.947 required=4.57 > > debug: > > tests=ALL_TRUSTED,BAYES_50,MISSING_HEADERS,MISSING_SUBJECT,NO_REAL_NAME > > debug: > > > subtests=__HAS_MSGID,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__NONEMPTY_BODY,__SANE_MSGID,__UNUSABLE_MSGID > > > > > > Any advice greatly appreciated. Comments to the effect that this > > messagewas a fluke at getting by would be acceptable at this point too. > > I think I do understand the issue a lot better, now. > > > > Thanks, > > Glenn Parsons >Have you considered upgrading to spamassassin 3.1.0? >Maybe a munged file in spamassassin, and the upgrade might kick it into >submission. > I intended to upgrade SpamAssassin with MailScanner 4.50 this weekend. Glenn Parsons From dyioulos at firstbhph.com Thu Feb 2 18:04:56 2006 From: dyioulos at firstbhph.com (Dimitri Yioulos) Date: Thu Feb 2 18:05:00 2006 Subject: mailscanner and perdomain white and blacklists In-Reply-To: <43E24649.4000105@ecs.soton.ac.uk> References: <003f01c62787$c3f61370$0200a8c0@satellite> <200602021242.34319.dyioulos@firstbhph.com> <43E24649.4000105@ecs.soton.ac.uk> Message-ID: <200602021304.56736.dyioulos@firstbhph.com> Sorry for the apparent lack of clarity. As I said, I'm using Mailwatch's SQLBlackWhiteList.pm, so my MailScanner.Conf "Is Definitely Not Spam = &SQLWhitelist" and "Is Definitely Spam = &SQLBlacklist". Without cauisng MS to barf , can I do something like: Is Definitely Not Spam = &SQLWhitelist %rules-dir/spam.whitelist.rules or Is Definitely Not Spam = &SQLWhitelist Is Definitely Not Spam = %rules-dir/spam.whitelist.rules If not, how do I continue to use SQLBlackWhiteList.pm and "supplement" it with another whitelist? Dimitri On Thursday February 02 2006 12:50 pm, Julian Field wrote: > Dimitri Yioulos wrote: > > Julian, > > > > I hope this isn't a totally lame question, but can the directives "Is > > Definitely Not Spam" and Is Definitely Not Spam" take more than one > > argument (point to multiple sources? Here's why: > > You can do > From: friend@nicesite.com and 152.34. yes > into a ruleset. > > Does that help? > If not, I don't quite understand what you are getting at. > > > I have one colleague who emails me regularly from outside our system. > > His mail is marked as spam (listed in RBL, although his ISP doesn't seem > > to show up in RBLs). I want to whitelist him/exclude him from being > > scanned. I'm using SQLWhiteBlackList.pm, and it works for individual ip > > addresses. I also added a tweak to white/blacklist addresses based on > > the first three address octets, but I'm not sure it that works. As my > > colleague's ISP uses several mail servers to send his mail, it's > > problematic to try and add every possible mail server address to the > > whitelist. I've tried adding his email address and our domain to the > > whitelist, but that doesn't seem to work. I also created a file in the > > MailScanner rules dir called scan.messages.rules, added him, and set Scan > > Messages = %rules_dir%/scan.messages.rules in MailScanner, but no joy. > > > > How do I accomplish this? > > > > Regards, > > > > Dimitri > > > > PS - I cross-posted this to the Mailwatch list because I wasn't sure > > which was appropriate - apologies if I boo-booed. > > > > On Thursday February 02 2006 12:28 pm, Julian Field wrote: > >> There is code to do this in CustomConfig.pm in > >> /usr/lib/MailScanner/MailScanner. There is documentation in there that > >> will tell you how to enable the code and how to set everything up for > >> it. Look for the Per-Domain whitelist and blacklist code and you'll find > >> it, there is code in the same file for other add-on features as well. > >> > >> If you have trouble setting it up or getting it basically working, then > >> give me a shout (possibly on IRC) and I'll try to help where I can. > >> > >> It's not hard, you don't have to write any code or anything to make it > >> all work > >> > >> :-) > >> > >> Dave wrote: > >>> Hi Julian, > >>> Thanks for your reply. I haven't had a moment yet to check out that > >>> boxes mailscanner.conf except except just a quick overview of the > >>> mta-specific settings. Can the spam whitelists and blacklists be used > >>> on a perdomain basis? For example, i've got domain1.com and > >>> domain2.com. The user at domain1.com wants a user added to his spam > >>> whitelist while the user at domain2.com wants a spammer added to his > >>> spam blacklist. Ideally i believe these users at domain 1 and 2 .com > >>> want independent lists. > >>> Thanks a lot. > >>> Dave. > >>> > >>> ----- Original Message ----- From: "Julian Field" > >>> > >>> To: "MailScanner discussion" > >>> Sent: Thursday, February 02, 2006 4:09 AM > >>> Subject: Re: mailscanner and perdomain white and blacklists > >>> > >>>> -----BEGIN PGP SIGNED MESSAGE----- > >>>> > >>>> On 1 Feb 2006, at 23:32, Dave wrote: > >>>>> Hello, > >>>>> I've got a mailscanner install with sendmail. It's working fine > >>>>> and it's working for multiple users. Now i'm getting requests from > >>>>> user a to add a username/domain to a blacklist file and user b to > >>>>> add another username/domain to a whitelist file. These i'm thinking > >>>>> should be separate as they are separate domains. This is on an fc4 > >>>>> box. Is this doable, any help appreciated. > >>>>> Thanks. > >>>>> Dave. > >>>> > >>>> Blacklist or whitelist in what sense? You basically just need a > >>>> couple of rulesets, one for your blacklist and one for your > >>>> whitelist. There is already a spam.whitelist.rules which you can use > >>>> as a sample from which to create and use a spam.blacklist.rules file. > >>>> Look in MailScanner.conf for spam.whitelist.rules and you will see > >>>> how to refer a setting to a rules file. > >>>> - -- Julian Field > >>>> www.MailScanner.info > >>>> Buy the MailScanner book at www.MailScanner.info/store > >>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >>>> > >>>> > >>>> -----BEGIN PGP SIGNATURE----- > >>>> Version: PGP Desktop 9.0.4 (Build 4042) > >>>> > >>>> iQEVAwUBQ+HMSPw32o+k+q+hAQFcjgf/b7C67K+nPF2k5yRxvHN4rmRhxSQuV+Eo > >>>> ALqzDcgMPMNSnHGBTC2S0C+XPgzx0Fa3RIMzw7vMIHDuL6O5Gme4C2Hco4B6+taX > >>>> vKISOpZ3mWI0HVWPYfytXBZwCBYG0MJBrIXDOr5pH/+R2HRxfQ0UGRkt63nojNiH > >>>> D668v55qOGNMjxGx0JR9qLJNQhxtFaGMBvmZ8D5j74B1H+UX/yhL15hXgvST1lyO > >>>> rQgiX+Fmc4ZIFhgc6G362AC5iSIh2ebXrYnyo9mt2Jdzu2KTScZjR7A0xKiPWOf5 > >>>> uVmaHMRFV8TVe+068DKrdpnT0l9BDGuwW1aFznE5vAk2hCL3rz6jTA== > >>>> =2N0u > >>>> -----END PGP SIGNATURE----- > >>>> > >>>> -- > >>>> This message has been scanned for viruses and > >>>> dangerous content by MailScanner, and is > >>>> believed to be clean. > >>>> > >>>> -- > >>>> MailScanner mailing list > >>>> mailscanner@lists.mailscanner.info > >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >>>> > >>>> Before posting, read http://wiki.mailscanner.info/posting > >>>> > >>>> Support MailScanner development - buy the book off the website! > >> > >> -- > >> Julian Field > >> www.MailScanner.info > >> Buy the MailScanner book at www.MailScanner.info/store > >> Professional Support Services at www.MailScanner.biz > >> MailScanner thanks transtec Computers for their support > >> > >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >> > >> > >> -- > >> This message has been scanned for viruses and > >> dangerous content by MailScanner, and is > >> believed to be clean. > >> > >> -- > >> MailScanner mailing list > >> mailscanner@lists.mailscanner.info > >> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> > >> Before posting, read http://wiki.mailscanner.info/posting > >> > >> Support MailScanner development - buy the book off the website! > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From lhaig at haigmail.com Thu Feb 2 18:09:24 2006 From: lhaig at haigmail.com (Lance Haig) Date: Thu Feb 2 18:09:29 2006 Subject: Downloading the latest update :-) In-Reply-To: <77EB9F6B-9FC6-48BE-B4CD-DD5BF130880F@ecs.soton.ac.uk> References: <43E12132.5060402@haigmail.com> <43E1293C.5020503@ecs.soton.ac.uk> <43E12D2E.2070106@haigmail.com> <77EB9F6B-9FC6-48BE-B4CD-DD5BF130880F@ecs.soton.ac.uk> Message-ID: <43E24AD4.7050108@haigmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Julian, I checked the file and the problem was a space instead of a tab I fixed that and now the error about line 19 is gone Lance Julian Field wrote: > On 1 Feb 2006, at 21:50, Lance Haig wrote: > >>> * PGP Signed by an unknown key: 02/01/06 at 21:50:38 >>> >>> I have an error in my Mailscanner --lint command >>> >>> mailhost:~ # MailScanner --lint >>> Possible syntax error on line 19 of /etc/MailScanner/ >>> filename.rules.conf >>> at /usr/lib/MailScanner/MailScanner/Config.pm line 1274 >>> Remember to separate fields with tab characters! at >>> /usr/lib/MailScanner/MailScanner/Config.pm line 1276 >>> Read 710 hostnames from the phishing whitelist >>> Config: calling custom init function SQLBlacklist >>> Config: calling custom init function MailWatchLogging >>> Config: calling custom init function SQLWhitelist >>> Checking SpamAssassin errors (if you use it), this may take some >>> time... >>> Using SpamAssassin results cache >>> Connected to SpamAssassin cache database >>> SpamAssassin reported no errors. >>> >>> MailScanner.conf says "Virus Scanners = clamavmodule bitdefender" >>> Found these virus scanners installed: bitdefender, clamavmodule >>> >>> I have checked the file and all fields are seperated by tabs so I am a >>> bit confused. >>> >>> Can anyone shed some light? > > Exactly what does line 19 of that file say? > >>> Lance >>> >>> Julian Field wrote: >>>> Lance Haig wrote: >>>>> Is it easier to download the SA clam package from Julians site to >>>>> update >>>>> clam or would it be better to just update clam from the clam site? >>>>> >>>>> I don't want to lose the clamavmodule part of the install as I >>>>> have had >>>>> problems installing it in the past. >>>>> >>>>> I have SA 3.1 and Clamav 87 on suse 9.3 >>>>> >>>> I would do my package. It will upgrade Clam then rebuild Mail::ClamAV >>>> and link it against the Clam it just built. >>>> More reliable in my view. >>>> >>>> I don't like building perl modules that call C libraries without >>>> knowing >>>> I had the latest C library when it was linked together. >>>> >>> * Unknown Key >>> * 0x8059EB58 (L) >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFD4krUM4kHBIBZ61gRAhQWAKCAP+VjvfaQF2eOLBShTE93zDhe6ACgliaW Q3T0XDA0RJ3/c3pGamRv9S4= =+uSf -----END PGP SIGNATURE----- From lhaig at haigmail.com Thu Feb 2 18:12:12 2006 From: lhaig at haigmail.com (Lance Haig) Date: Thu Feb 2 18:12:16 2006 Subject: MS Slow after update to 4.50.14 on suse In-Reply-To: References: <43E1382D.8010603@haigmail.com> Message-ID: <43E24B7C.6020908@haigmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Julian, this is where it stops Thanks Lance [7877] dbg: rules: running body-text per-line regexp tests; score so far=2.906 [7877] dbg: uri: running uri tests; score so far=2.906 [7877] dbg: rules: running raw-body-text per-line regexp tests; score so far=2.906 [7877] dbg: rules: running full-text regexp tests; score so far=2.906 [7877] dbg: check: is spam? score=2.906 required=5 [7877] dbg: check: tests=MISSING_SUBJECT,NO_REAL_NAME,NO_RECEIVED,NO_RELAYS,TO_CC_NONE [7877] dbg: check: subtests=__HAS_MSGID,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__NONEMPTY_BODY,__SANE_MSGID,__UNUSABLE_MSGID [7877] dbg: bayes: untie-ing [7877] dbg: bayes: untie-ing db_toks [7877] dbg: bayes: untie-ing db_seen Julian Field wrote: > > On 1 Feb 2006, at 22:37, Lance Haig wrote: > >>> * PGP Signed by an unknown key: 02/01/06 at 22:37:33 >>> >>> I have a problem after upgrading. >>> >>> My MS is very slow processing mail. I have sent test text messages to >>> the system and they take between 28 to 31 seconds to process >>> >>> here is a snippet of the log Can anyone lead me in the right direction >>> to see why this is so low? > > I would suspect a SpamAssassin problem. > Run > MailScanner --debug --debug-sa > and see if it pauses anywhere at all. > >>> Thanks >>> >>> Lance >>> >>> Feb 1 22:56:27 mailhost MailScanner[2384]: New Batch: Found 2 >>> messages >>> waiting >>> Feb 1 22:56:27 mailhost MailScanner[2384]: New Batch: Scanning 1 >>> messages, 2009 bytes >>> Feb 1 22:56:27 mailhost MailScanner[2384]: Spam Checks: Starting >>> Feb 1 22:56:54 mailhost MailScanner[2384]: Virus and Content >>> Scanning: >>> Starting >>> Feb 1 22:56:55 mailhost MailScanner[2384]: Uninfected: Delivered 1 >>> messages >>> Feb 1 22:56:55 mailhost MailScanner[2384]: Batch processed in >>> 27.65 seconds >>> Feb 1 22:56:55 mailhost MailScanner[2384]: Logging message >>> k11MuMV5003084 to SQL >>> Feb 1 22:56:55 mailhost MailScanner[2384]: "Always Looked Up Last" >>> took >>> 0.00 seconds >>> Feb 1 22:56:55 mailhost sendmail[3114]: k11MuMV5003084: >>> to=, delay=00:00:28, xdelay=00:00:00, >>> mailer=esmtp, pri=121508, relay=[194.143.190.32] [194.143.190.32], >>> dsn=2.0.0, stat=Sent (OK) >>> Feb 1 22:56:55 mailhost MailScanner[26335]: k11MuMV5003084: Logged to >>> MailWatch SQL >>> Feb 1 22:56:56 mailhost MailScanner[2292]: Virus and Content >>> Scanning: >>> Starting >>> Feb 1 22:56:58 mailhost MailScanner[2292]: Uninfected: Delivered 1 >>> messages >>> Feb 1 22:56:58 mailhost MailScanner[2292]: Batch processed in >>> 34.43 seconds >>> Feb 1 22:56:58 mailhost MailScanner[2292]: Logging message >>> k11MuM6S003085 to SQL >>> Feb 1 22:56:58 mailhost MailScanner[2292]: "Always Looked Up Last" >>> took >>> 0.00 seconds >>> Feb 1 22:56:58 mailhost MailScanner[26335]: k11MuM6S003085: Logged to >>> MailWatch SQL >>> Feb 1 22:56:59 mailhost sendmail[3122]: k11MuM6S003085: >>> to=, delay=00:00:37, xdelay=00:00:01, >>> mailer=esmtp, >>> pri=121504, relay=[194.143.190.32] [194.143.190.32], dsn=2.0.0, >>> stat=Sent (OK) >>> Feb 1 22:57:18 mailhost sendmail-in[3138]: k11MvIXH003138: >>> from=, size=4772, >>> class=-30, >>> nrcpts=1, msgid=<43E12E21.7080002@noacon.com>, proto=ESMTP, >>> daemon=MTA, >>> relay=bkserver.blacknight.ie [83.98.166.45] >>> Feb 1 22:57:18 mailhost sendmail-in[3138]: k11MvIXH003138: >>> to=, delay=00:00:00, mailer=esmtp, pri=88772, >>> stat=queued >>> Feb 1 22:57:19 mailhost MailScanner[993]: New Batch: Scanning 1 >>> messages, 5347 bytes >>> Feb 1 22:57:19 mailhost MailScanner[993]: Spam Checks: Starting >>> Feb 1 22:57:19 mailhost MailScanner[993]: Looked up unknown string >>> spam >>> in language translation file /etc/MailScanner/reports/en/ >>> languages.conf >>> Feb 1 22:57:19 mailhost MailScanner[993]: Looked up unknown string >>> notspam in language translation file >>> /etc/MailScanner/reports/en/languages.conf >>> Feb 1 22:57:19 mailhost MailScanner[993]: Whitelist refresh time >>> reached >>> Feb 1 22:57:19 mailhost MailScanner[993]: Starting up SQL Whitelist >>> Feb 1 22:57:19 mailhost MailScanner[993]: Read 8 whitelist entries >>> Feb 1 22:57:19 mailhost MailScanner[993]: Message k11MvIXH003138 from >>> 83.98.166.45 (mailscanner-bounces@lists.mailscanner.info) is >>> whitelisted >>> Feb 1 22:57:19 mailhost MailScanner[993]: Looked up unknown string >>> mailscanner in language translation file >>> /etc/MailScanner/reports/en/languages.conf >>> Feb 1 22:57:19 mailhost MailScanner[993]: Looked up unknown string >>> unreadablearchive in language translation file >>> /etc/MailScanner/reports/en/languages.conf >>> Feb 1 22:57:19 mailhost MailScanner[993]: Looked up unknown string >>> passwordedarchive in language translation file >>> /etc/MailScanner/reports/en/languages.conf >>> Feb 1 22:57:19 mailhost MailScanner[993]: Looked up unknown string >>> archivetoodeep in language translation file >>> /etc/MailScanner/reports/en/languages.conf >>> Feb 1 22:57:19 mailhost MailScanner[993]: Virus and Content Scanning: >>> Starting >>> Feb 1 22:57:20 mailhost MailScanner[993]: Looked up unknown string >>> mailscanner in language translation file >>> /etc/MailScanner/reports/en/languages.conf >>> Feb 1 22:57:20 mailhost MailScanner[993]: Uninfected: Delivered 1 >>> messages >>> Feb 1 22:57:20 mailhost MailScanner[993]: Batch processed in 1.31 >>> seconds >>> Feb 1 22:57:20 mailhost MailScanner[993]: Logging message >>> k11MvIXH003138 to SQL >>> Feb 1 22:57:20 mailhost MailScanner[993]: "Always Looked Up Last" >>> took >>> 0.00 seconds >>> Feb 1 22:57:20 mailhost MailScanner[26335]: k11MvIXH003138: Logged to >>> MailWatch SQL >>> Feb 1 22:57:20 mailhost sendmail[3147]: k11MvIXH003138: >>> to=, delay=00:00:02, xdelay=00:00:00, >>> mailer=esmtp, >>> pri=178772, relay=[194.143.190.32] [194.143.190.32], dsn=2.0.0, >>> stat=Sent (OK) >>> >>> * Unknown Key >>> * 0x8059EB58 (L) >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFD4kt8M4kHBIBZ61gRApLpAJ9S7YmVvHcUVtUlH9USw3hzWoMQCACfX8s6 xpYM9EZOT3t3LRM3hWawolY= =wY+S -----END PGP SIGNATURE----- From ssilva at sgvwater.com Thu Feb 2 18:18:34 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Feb 2 18:19:00 2006 Subject: MS Slow after update to 4.50.14 on suse In-Reply-To: <43E1382D.8010603@haigmail.com> References: <43E1382D.8010603@haigmail.com> Message-ID: Lance Haig spake the following on 2/1/2006 2:37 PM: > I have a problem after upgrading. > > My MS is very slow processing mail. I have sent test text messages to > the system and they take between 28 to 31 seconds to process > > here is a snippet of the log Can anyone lead me in the right direction > to see why this is so low? > > Thanks > > Lance > > Feb 1 22:56:27 mailhost MailScanner[2384]: New Batch: Found 2 messages > waiting > Feb 1 22:56:27 mailhost MailScanner[2384]: New Batch: Scanning 1 > messages, 2009 bytes > Feb 1 22:56:27 mailhost MailScanner[2384]: Spam Checks: Starting > Feb 1 22:56:54 mailhost MailScanner[2384]: Virus and Content Scanning: > Starting > Feb 1 22:56:55 mailhost MailScanner[2384]: Uninfected: Delivered 1 messages > Feb 1 22:56:55 mailhost MailScanner[2384]: Batch processed in 27.65 seconds > Feb 1 22:56:55 mailhost MailScanner[2384]: Logging message > k11MuMV5003084 to SQL > Feb 1 22:56:55 mailhost MailScanner[2384]: "Always Looked Up Last" took > 0.00 seconds > Feb 1 22:56:55 mailhost sendmail[3114]: k11MuMV5003084: > to=, delay=00:00:28, xdelay=00:00:00, > mailer=esmtp, pri=121508, relay=[194.143.190.32] [194.143.190.32], > dsn=2.0.0, stat=Sent (OK) > Feb 1 22:56:55 mailhost MailScanner[26335]: k11MuMV5003084: Logged to > MailWatch SQL > Feb 1 22:56:56 mailhost MailScanner[2292]: Virus and Content Scanning: > Starting > Feb 1 22:56:58 mailhost MailScanner[2292]: Uninfected: Delivered 1 messages > Feb 1 22:56:58 mailhost MailScanner[2292]: Batch processed in 34.43 seconds > Feb 1 22:56:58 mailhost MailScanner[2292]: Logging message > k11MuM6S003085 to SQL > Feb 1 22:56:58 mailhost MailScanner[2292]: "Always Looked Up Last" took > 0.00 seconds > Feb 1 22:56:58 mailhost MailScanner[26335]: k11MuM6S003085: Logged to > MailWatch SQL > Feb 1 22:56:59 mailhost sendmail[3122]: k11MuM6S003085: > to=, delay=00:00:37, xdelay=00:00:01, mailer=esmtp, > pri=121504, relay=[194.143.190.32] [194.143.190.32], dsn=2.0.0, > stat=Sent (OK) > Feb 1 22:57:18 mailhost sendmail-in[3138]: k11MvIXH003138: > from=, size=4772, class=-30, > nrcpts=1, msgid=<43E12E21.7080002@noacon.com>, proto=ESMTP, daemon=MTA, > relay=bkserver.blacknight.ie [83.98.166.45] > Feb 1 22:57:18 mailhost sendmail-in[3138]: k11MvIXH003138: > to=, delay=00:00:00, mailer=esmtp, pri=88772, > stat=queued > Feb 1 22:57:19 mailhost MailScanner[993]: New Batch: Scanning 1 > messages, 5347 bytes > Feb 1 22:57:19 mailhost MailScanner[993]: Spam Checks: Starting > Feb 1 22:57:19 mailhost MailScanner[993]: Looked up unknown string spam > in language translation file /etc/MailScanner/reports/en/languages.conf > Feb 1 22:57:19 mailhost MailScanner[993]: Looked up unknown string > notspam in language translation file > /etc/MailScanner/reports/en/languages.conf > Feb 1 22:57:19 mailhost MailScanner[993]: Whitelist refresh time reached > Feb 1 22:57:19 mailhost MailScanner[993]: Starting up SQL Whitelist > Feb 1 22:57:19 mailhost MailScanner[993]: Read 8 whitelist entries > Feb 1 22:57:19 mailhost MailScanner[993]: Message k11MvIXH003138 from > 83.98.166.45 (mailscanner-bounces@lists.mailscanner.info) is whitelisted > Feb 1 22:57:19 mailhost MailScanner[993]: Looked up unknown string > mailscanner in language translation file > /etc/MailScanner/reports/en/languages.conf > Feb 1 22:57:19 mailhost MailScanner[993]: Looked up unknown string > unreadablearchive in language translation file > /etc/MailScanner/reports/en/languages.conf > Feb 1 22:57:19 mailhost MailScanner[993]: Looked up unknown string > passwordedarchive in language translation file > /etc/MailScanner/reports/en/languages.conf > Feb 1 22:57:19 mailhost MailScanner[993]: Looked up unknown string > archivetoodeep in language translation file > /etc/MailScanner/reports/en/languages.conf > Feb 1 22:57:19 mailhost MailScanner[993]: Virus and Content Scanning: > Starting > Feb 1 22:57:20 mailhost MailScanner[993]: Looked up unknown string > mailscanner in language translation file > /etc/MailScanner/reports/en/languages.conf > Feb 1 22:57:20 mailhost MailScanner[993]: Uninfected: Delivered 1 messages > Feb 1 22:57:20 mailhost MailScanner[993]: Batch processed in 1.31 seconds > Feb 1 22:57:20 mailhost MailScanner[993]: Logging message > k11MvIXH003138 to SQL > Feb 1 22:57:20 mailhost MailScanner[993]: "Always Looked Up Last" took > 0.00 seconds > Feb 1 22:57:20 mailhost MailScanner[26335]: k11MvIXH003138: Logged to > MailWatch SQL > Feb 1 22:57:20 mailhost sendmail[3147]: k11MvIXH003138: > to=, delay=00:00:02, xdelay=00:00:00, mailer=esmtp, > pri=178772, relay=[194.143.190.32] [194.143.190.32], dsn=2.0.0, > stat=Sent (OK) One problem I see is either an old or no file /etc/MailScanner/reports/en/languages.conf. See if this is either a 0 length file, or if you have a /etc/MailScanner/reports/en/languages.conf.rpmnew file. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From MailScanner at ecs.soton.ac.uk Thu Feb 2 18:21:12 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Feb 2 18:21:14 2006 Subject: mailscanner and perdomain white and blacklists In-Reply-To: <200602021304.56736.dyioulos@firstbhph.com> References: <003f01c62787$c3f61370$0200a8c0@satellite> <200602021242.34319.dyioulos@firstbhph.com> <43E24649.4000105@ecs.soton.ac.uk> <200602021304.56736.dyioulos@firstbhph.com> Message-ID: <43E24D98.4060402@ecs.soton.ac.uk> Dimitri Yioulos wrote: > Sorry for the apparent lack of clarity. > > As I said, I'm using Mailwatch's SQLBlackWhiteList.pm, so my MailScanner.Conf > "Is Definitely Not Spam = &SQLWhitelist" and "Is Definitely Spam = > &SQLBlacklist". Without cauisng MS to barf , can I do something like: > > Is Definitely Not Spam = &SQLWhitelist %rules-dir/spam.whitelist.rules > > or > > Is Definitely Not Spam = &SQLWhitelist > Is Definitely Not Spam = %rules-dir/spam.whitelist.rules > > No. > If not, how do I continue to use SQLBlackWhiteList.pm and "supplement" it with > another whitelist? > Without writing a bit of code, you can't. sorry. > Dimitri > > > On Thursday February 02 2006 12:50 pm, Julian Field wrote: > >> Dimitri Yioulos wrote: >> >>> Julian, >>> >>> I hope this isn't a totally lame question, but can the directives "Is >>> Definitely Not Spam" and Is Definitely Not Spam" take more than one >>> argument (point to multiple sources? Here's why: >>> >> You can do >> From: friend@nicesite.com and 152.34. yes >> into a ruleset. >> >> Does that help? >> If not, I don't quite understand what you are getting at. >> >> >>> I have one colleague who emails me regularly from outside our system. >>> His mail is marked as spam (listed in RBL, although his ISP doesn't seem >>> to show up in RBLs). I want to whitelist him/exclude him from being >>> scanned. I'm using SQLWhiteBlackList.pm, and it works for individual ip >>> addresses. I also added a tweak to white/blacklist addresses based on >>> the first three address octets, but I'm not sure it that works. As my >>> colleague's ISP uses several mail servers to send his mail, it's >>> problematic to try and add every possible mail server address to the >>> whitelist. I've tried adding his email address and our domain to the >>> whitelist, but that doesn't seem to work. I also created a file in the >>> MailScanner rules dir called scan.messages.rules, added him, and set Scan >>> Messages = %rules_dir%/scan.messages.rules in MailScanner, but no joy. >>> >>> How do I accomplish this? >>> >>> Regards, >>> >>> Dimitri >>> >>> PS - I cross-posted this to the Mailwatch list because I wasn't sure >>> which was appropriate - apologies if I boo-booed. >>> >>> On Thursday February 02 2006 12:28 pm, Julian Field wrote: >>> >>>> There is code to do this in CustomConfig.pm in >>>> /usr/lib/MailScanner/MailScanner. There is documentation in there that >>>> will tell you how to enable the code and how to set everything up for >>>> it. Look for the Per-Domain whitelist and blacklist code and you'll find >>>> it, there is code in the same file for other add-on features as well. >>>> >>>> If you have trouble setting it up or getting it basically working, then >>>> give me a shout (possibly on IRC) and I'll try to help where I can. >>>> >>>> It's not hard, you don't have to write any code or anything to make it >>>> all work >>>> >>>> :-) >>>> >>>> Dave wrote: >>>> >>>>> Hi Julian, >>>>> Thanks for your reply. I haven't had a moment yet to check out that >>>>> boxes mailscanner.conf except except just a quick overview of the >>>>> mta-specific settings. Can the spam whitelists and blacklists be used >>>>> on a perdomain basis? For example, i've got domain1.com and >>>>> domain2.com. The user at domain1.com wants a user added to his spam >>>>> whitelist while the user at domain2.com wants a spammer added to his >>>>> spam blacklist. Ideally i believe these users at domain 1 and 2 .com >>>>> want independent lists. >>>>> Thanks a lot. >>>>> Dave. >>>>> >>>>> ----- Original Message ----- From: "Julian Field" >>>>> >>>>> To: "MailScanner discussion" >>>>> Sent: Thursday, February 02, 2006 4:09 AM >>>>> Subject: Re: mailscanner and perdomain white and blacklists >>>>> >>>>> >>>>>> -----BEGIN PGP SIGNED MESSAGE----- >>>>>> >>>>>> On 1 Feb 2006, at 23:32, Dave wrote: >>>>>> >>>>>>> Hello, >>>>>>> I've got a mailscanner install with sendmail. It's working fine >>>>>>> and it's working for multiple users. Now i'm getting requests from >>>>>>> user a to add a username/domain to a blacklist file and user b to >>>>>>> add another username/domain to a whitelist file. These i'm thinking >>>>>>> should be separate as they are separate domains. This is on an fc4 >>>>>>> box. Is this doable, any help appreciated. >>>>>>> Thanks. >>>>>>> Dave. >>>>>>> >>>>>> Blacklist or whitelist in what sense? You basically just need a >>>>>> couple of rulesets, one for your blacklist and one for your >>>>>> whitelist. There is already a spam.whitelist.rules which you can use >>>>>> as a sample from which to create and use a spam.blacklist.rules file. >>>>>> Look in MailScanner.conf for spam.whitelist.rules and you will see >>>>>> how to refer a setting to a rules file. >>>>>> - -- Julian Field >>>>>> www.MailScanner.info >>>>>> Buy the MailScanner book at www.MailScanner.info/store >>>>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>>>>> >>>>>> >>>>>> -----BEGIN PGP SIGNATURE----- >>>>>> Version: PGP Desktop 9.0.4 (Build 4042) >>>>>> >>>>>> iQEVAwUBQ+HMSPw32o+k+q+hAQFcjgf/b7C67K+nPF2k5yRxvHN4rmRhxSQuV+Eo >>>>>> ALqzDcgMPMNSnHGBTC2S0C+XPgzx0Fa3RIMzw7vMIHDuL6O5Gme4C2Hco4B6+taX >>>>>> vKISOpZ3mWI0HVWPYfytXBZwCBYG0MJBrIXDOr5pH/+R2HRxfQ0UGRkt63nojNiH >>>>>> D668v55qOGNMjxGx0JR9qLJNQhxtFaGMBvmZ8D5j74B1H+UX/yhL15hXgvST1lyO >>>>>> rQgiX+Fmc4ZIFhgc6G362AC5iSIh2ebXrYnyo9mt2Jdzu2KTScZjR7A0xKiPWOf5 >>>>>> uVmaHMRFV8TVe+068DKrdpnT0l9BDGuwW1aFznE5vAk2hCL3rz6jTA== >>>>>> =2N0u >>>>>> -----END PGP SIGNATURE----- >>>>>> >>>>>> -- >>>>>> This message has been scanned for viruses and >>>>>> dangerous content by MailScanner, and is >>>>>> believed to be clean. >>>>>> >>>>>> -- >>>>>> MailScanner mailing list >>>>>> mailscanner@lists.mailscanner.info >>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>>> >>>>>> Before posting, read http://wiki.mailscanner.info/posting >>>>>> >>>>>> Support MailScanner development - buy the book off the website! >>>>>> >>>> -- >>>> Julian Field >>>> www.MailScanner.info >>>> Buy the MailScanner book at www.MailScanner.info/store >>>> Professional Support Services at www.MailScanner.biz >>>> MailScanner thanks transtec Computers for their support >>>> >>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>>> >>>> >>>> -- >>>> This message has been scanned for viruses and >>>> dangerous content by MailScanner, and is >>>> believed to be clean. >>>> >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >> -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> Professional Support Services at www.MailScanner.biz >> MailScanner thanks transtec Computers for their support >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mkettler at evi-inc.com Thu Feb 2 18:34:14 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Thu Feb 2 18:34:27 2006 Subject: ALL_TRUSTED problems In-Reply-To: References: <223f97700602011640o2eea2318y@mail.gmail.com> <43E1596B.40101@evi-inc.com> <6.2.3.4.0.20060202105138.0abb6248@mxt.1bigthink.com> Message-ID: <43E250A6.8020706@evi-inc.com> Scott Silva wrote: > dnsadmin 1bigthink.com spake the following on 2/2/2006 8:08 AM: >> At 07:59 PM 2/1/2006, you wrote: >> >> debug: SpamAssassin version 3.0.3 >> Thanks, >> Glenn Parsons > Have you considered upgrading to spamassassin 3.1.0? Or at least upgrade to 3.0.5. All other version of SA 3.0 have MAJOR bugs in the ALL_TRUSTED code. 3.0.5 has a back-port of 3.1.0's algorithm, which deals better with parsing problems. 3.0.0-3.0.4 - ALL_TRUSTED = no untrusted relays. 3.0.5-3.1.0 - ALL_TRUSTED = at least 1 trusted relay, no untrusted relays and no unparseable relays. The version in 3.0.0-3.0.4 will false-fire with ALL_TRUSTED if there are no parseable headers. From mhw at WittsEnd.com Thu Feb 2 18:14:53 2006 From: mhw at WittsEnd.com (Michael H. Warfield) Date: Thu Feb 2 18:51:22 2006 Subject: Attachment Warnings - End of Line Behavior Changed (CR, LF) In-Reply-To: <1138894138.25670.25.camel@lea.nerc-wallingford.ac.uk> References: <6a4915590601301601s5399fd75jabf461d86eaf5d71@mail.gmail.com> <6a4915590602010730t3055651elef164558540cee58@mail.gmail.com> <43E0D70F.9080804@USherbrooke.ca> <1138845529.4025.80.camel@canyon.wittsend.com> <1138894138.25670.25.camel@lea.nerc-wallingford.ac.uk> Message-ID: <1138904093.4030.13.camel@canyon.wittsend.com> On Thu, 2006-02-02 at 15:28 +0000, Greg Matthews wrote: > On Wed, 2006-02-01 at 20:58 -0500, Michael H. Warfield wrote: > > Turns out it's far worse than we imagined. ...... Work in progress... > > > > ITMT... Turn off "Sign Clean Messages". > > > yeegads! theres no way I can turn this option off now that it is > implemented. I was hoping to upgrade MS from 4.45.4 to 4.50.x pretty > soon, looks like this will have to be on hold for a while. Then you will have to suffer with the line ending problem and broken S/MIME and GPG/MIME cryptographic signatures until it's fixed. Pick your poison. You don't get both. I don't have that option. My signatures HAVE TO WORK. > Will the fix be announced here or will I have to monitor a perl mailing > list somewhere? Nope... It's gonna have to be a MailScanner fix. Even when we altered MIME::Tools to return CR/LF, something higher up on the food chain stripped them. That's one problem and specific to this thread. But merely fixing that doesn't fix the rest of the problem. The other problem is in reformating the Mime parts. That's breaking PGP and S/MIME signatures. For example Evolution will format a simple line with a hard return with just that, a hard return (CR/LF), in quoted-printable, and then sign it with GPG. That same line, when it re-encoded by the perl MIME encode_qp routine comes out with the sequence =0A= at the end of each hard line ending. That translates back as a hard return followed by a soft quoted (escaped) return. It does the same thing. Both will decode back to the same text. But it breaks the signatures, because it's the encoded text which is signed. The trouble is, there is no fix for the perl code. It's sloppy (excessive encoding) but not necessarily wrong either. And if you fix it to go the other way, you're broken when the message was encoded by something else using sloppy encoding. Damn if you do and damned if you don't. The only solution is to preserve the encoded text and restore it exactly, if no modifications are made. That's got to be handled at a high level in MailScanner and it's not going to be pretty. Quoted-printable is ambiguous because there are multiple encodings which can decode back to the same canonical text. You have no deterministic manner to reliably recover the original encoded text from the canonical text in rebuilding the quoted-printable attachments. So you have no reliable way to rebuild the attachments from the canonical text and preserve any cryptographic signatures. Game over... > G Mike > > Mike > -- > Greg Matthews 01491 692445 > Head of UNIX/Linux, iTSS Wallingford Mike -- Michael H. Warfield (AI4NB) | (770) 985-6132 | mhw@WittsEnd.com /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it! -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 307 bytes Desc: This is a digitally signed message part Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060202/d9c9f1b2/attachment.bin From Edge at twu.ca Thu Feb 2 19:08:02 2006 From: Edge at twu.ca (Richard Edge) Date: Thu Feb 2 19:08:40 2006 Subject: ALL_TRUSTED problems Message-ID: In my situation, I am already at SA 3.1.0. Should I try something drastic like uninstalling SA and doing a new install or forcing an install over the existing installation. If so what is the best way to proceed. Richard Edge Senior Systems Administrator | Technology Services Trinity Western University | t: 604.513.2089 f: 604.513.2038 | e: edge twu.ca| www.twu.ca/technology -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Matt Kettler Sent: Thursday, February 02, 2006 10:34 AM To: MailScanner discussion Subject: Re: ALL_TRUSTED problems Scott Silva wrote: > dnsadmin 1bigthink.com spake the following on 2/2/2006 8:08 AM: >> At 07:59 PM 2/1/2006, you wrote: >> >> debug: SpamAssassin version 3.0.3 >> Thanks, >> Glenn Parsons > Have you considered upgrading to spamassassin 3.1.0? Or at least upgrade to 3.0.5. All other version of SA 3.0 have MAJOR bugs in the ALL_TRUSTED code. 3.0.5 has a back-port of 3.1.0's algorithm, which deals better with parsing problems. 3.0.0-3.0.4 - ALL_TRUSTED = no untrusted relays. 3.0.5-3.1.0 - ALL_TRUSTED = at least 1 trusted relay, no untrusted relays and no unparseable relays. The version in 3.0.0-3.0.4 will false-fire with ALL_TRUSTED if there are no parseable headers. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Feb 2 19:21:05 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Feb 2 19:21:14 2006 Subject: ALL_TRUSTED problems In-Reply-To: References: Message-ID: <43E25BA1.2030000@ecs.soton.ac.uk> If that is what you want to do, then do a locate SpamAssassin.pm and delete it and re-install SpamAssassin 3.1.0. Richard Edge wrote: > In my situation, I am already at SA 3.1.0. Should I try something > drastic like uninstalling SA and doing a new install or forcing an > install over the existing installation. If so what is the best way to > proceed. > > Richard Edge > Senior Systems Administrator | Technology Services > Trinity Western University | t: 604.513.2089 > f: 604.513.2038 | e: edge twu.ca| www.twu.ca/technology > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Matt > Kettler > Sent: Thursday, February 02, 2006 10:34 AM > To: MailScanner discussion > Subject: Re: ALL_TRUSTED problems > > Scott Silva wrote: > >> dnsadmin 1bigthink.com spake the following on 2/2/2006 8:08 AM: >> >>> At 07:59 PM 2/1/2006, you wrote: >>> >>> debug: SpamAssassin version 3.0.3 >>> Thanks, >>> Glenn Parsons >>> >> Have you considered upgrading to spamassassin 3.1.0? >> > > > Or at least upgrade to 3.0.5. All other version of SA 3.0 have MAJOR > bugs in the ALL_TRUSTED code. 3.0.5 has a back-port of 3.1.0's > algorithm, which deals better with parsing problems. > > > 3.0.0-3.0.4 - ALL_TRUSTED = no untrusted relays. > > 3.0.5-3.1.0 - ALL_TRUSTED = at least 1 trusted relay, no untrusted > relays and no unparseable relays. > > The version in 3.0.0-3.0.4 will false-fire with ALL_TRUSTED if there are > no parseable headers. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From lhaig at haigmail.com Thu Feb 2 19:34:49 2006 From: lhaig at haigmail.com (Lance Haig) Date: Thu Feb 2 19:34:54 2006 Subject: How does one downgrade? Message-ID: <43E25ED9.5090103@haigmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I am having quite a time with the upgrade to 4.50.14 I get loads of dependency problems and a 15 characters text e-mail is taking 20 plus seconds to work through the system. The system performed much better on 4.49.X for me. I need to go back to the system before I upgraded as it has been two days now and the delay is quite bad. DO I just rename all the old directories and file to their original names and all is ok? What files must I make sure to rename? Thanks Guys Lance -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFD4l7ZM4kHBIBZ61gRAqIzAJ9hUIblwZL9WTJP95XeliyEJNqAMgCfXvQh EXxCDjveTbJtBrCL1NWcE+M= =E6/l -----END PGP SIGNATURE----- From ssilva at sgvwater.com Thu Feb 2 19:48:54 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Feb 2 19:49:47 2006 Subject: ALL_TRUSTED problems In-Reply-To: References: Message-ID: Richard Edge spake the following on 2/2/2006 11:08 AM: > In my situation, I am already at SA 3.1.0. Should I try something > drastic like uninstalling SA and doing a new install or forcing an > install over the existing installation. If so what is the best way to > proceed. > > Richard Edge > Senior Systems Administrator | Technology Services > Trinity Western University | t: 604.513.2089 > f: 604.513.2038 | e: edge twu.ca| www.twu.ca/technology > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Matt > Kettler > Sent: Thursday, February 02, 2006 10:34 AM > To: MailScanner discussion > Subject: Re: ALL_TRUSTED problems > > Scott Silva wrote: >> dnsadmin 1bigthink.com spake the following on 2/2/2006 8:08 AM: >>> At 07:59 PM 2/1/2006, you wrote: >>> >>> debug: SpamAssassin version 3.0.3 >>> Thanks, >>> Glenn Parsons >> Have you considered upgrading to spamassassin 3.1.0? > > > Or at least upgrade to 3.0.5. All other version of SA 3.0 have MAJOR > bugs in the ALL_TRUSTED code. 3.0.5 has a back-port of 3.1.0's > algorithm, which deals better with parsing problems. > > > 3.0.0-3.0.4 - ALL_TRUSTED = no untrusted relays. > > 3.0.5-3.1.0 - ALL_TRUSTED = at least 1 trusted relay, no untrusted > relays and no unparseable relays. > > The version in 3.0.0-3.0.4 will false-fire with ALL_TRUSTED if there are > no parseable headers. > -- This thread has gotten very confusing! I take it there are 2 people with a similar problem, but more than likely 2 different solutions. I had a problem with a spamassassin install sometime back where it was defaulting to looking for its rules in /usr/etc/mail/spamassassin. It took days to track this down. If you have this problem, I fixed it with a symlink from /usr/etc/mail/spamassassin pointing to /etc/mail/spamassassin. Maybe way off, but a guess s all I have... -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Thu Feb 2 19:54:17 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Feb 2 19:55:54 2006 Subject: How does one downgrade? In-Reply-To: <43E25ED9.5090103@haigmail.com> References: <43E25ED9.5090103@haigmail.com> Message-ID: Lance Haig spake the following on 2/2/2006 11:34 AM: > I am having quite a time with the upgrade to 4.50.14 > > I get loads of dependency problems and a 15 characters text e-mail is > taking 20 plus seconds to work through the system. > > The system performed much better on 4.49.X for me. > > I need to go back to the system before I upgraded as it has been two > days now and the delay is quite bad. > > DO I just rename all the old directories and file to their original > names and all is ok? > > What files must I make sure to rename? > > Thanks Guys > > Lance Did you run something to backup your previous install? There was a script in the MAQ I use before I upgrade that copies the existing MailScanner stuff to MailScanner.%CURRENT-DATE%. If you didn't back up, and you ran the upgrade_mailscanner_conf script, you might be able to remove the new install( or rename), re-install the one you want, and copy over the configs you need. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From lhaig at haigmail.com Thu Feb 2 20:01:32 2006 From: lhaig at haigmail.com (Lance Haig) Date: Thu Feb 2 20:01:36 2006 Subject: How does one downgrade? In-Reply-To: References: <43E25ED9.5090103@haigmail.com> Message-ID: <43E2651C.9030101@haigmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Scott, I have made a backup so I suppose that to rename all the "new" stuff and then rename the "old" stuff should be ok. I will give it a go and see what happens. Thanks Lance Scott Silva wrote: > Lance Haig spake the following on 2/2/2006 11:34 AM: >> I am having quite a time with the upgrade to 4.50.14 >> >> I get loads of dependency problems and a 15 characters text e-mail is >> taking 20 plus seconds to work through the system. >> >> The system performed much better on 4.49.X for me. >> >> I need to go back to the system before I upgraded as it has been two >> days now and the delay is quite bad. >> >> DO I just rename all the old directories and file to their original >> names and all is ok? >> >> What files must I make sure to rename? >> >> Thanks Guys >> >> Lance > Did you run something to backup your previous install? > There was a script in the MAQ I use before I upgrade that copies the existing > MailScanner stuff to MailScanner.%CURRENT-DATE%. > If you didn't back up, and you ran the upgrade_mailscanner_conf script, you > might be able to remove the new install( or rename), re-install the one you > want, and copy over the configs you need. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFD4mUcM4kHBIBZ61gRAi9tAJoDmVB7irIK5u5II0IMxTTVNn4C6gCgjPx4 K4/pFTB78/c4/UqdvcZd1cQ= =K/uP -----END PGP SIGNATURE----- From dnsadmin at 1bigthink.com Thu Feb 2 20:02:35 2006 From: dnsadmin at 1bigthink.com (dnsadmin 1bigthink.com) Date: Thu Feb 2 20:02:44 2006 Subject: ALL_TRUSTED problems In-Reply-To: References: Message-ID: <6.2.3.4.0.20060202145729.05a32db0@mxt.1bigthink.com> At 02:48 PM 2/2/2006, you wrote: >Richard Edge spake the following on 2/2/2006 11:08 AM: > > In my situation, I am already at SA 3.1.0. Should I try something > > drastic like uninstalling SA and doing a new install or forcing an > > install over the existing installation. If so what is the best way to > > proceed. > > > > Richard Edge > > Senior Systems Administrator | Technology Services > > Trinity Western University | t: 604.513.2089 > > f: 604.513.2038 | e: edge twu.ca| www.twu.ca/technology > > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Matt > > Kettler > > Sent: Thursday, February 02, 2006 10:34 AM > > To: MailScanner discussion > > Subject: Re: ALL_TRUSTED problems > > > > Scott Silva wrote: > >> dnsadmin 1bigthink.com spake the following on 2/2/2006 8:08 AM: > >>> At 07:59 PM 2/1/2006, you wrote: > >>> > >>> debug: SpamAssassin version 3.0.3 > >>> Thanks, > >>> Glenn Parsons > >> Have you considered upgrading to spamassassin 3.1.0? > > > > > > Or at least upgrade to 3.0.5. All other version of SA 3.0 have MAJOR > > bugs in the ALL_TRUSTED code. 3.0.5 has a back-port of 3.1.0's > > algorithm, which deals better with parsing problems. > > > > > > 3.0.0-3.0.4 - ALL_TRUSTED = no untrusted relays. > > > > 3.0.5-3.1.0 - ALL_TRUSTED = at least 1 trusted relay, no untrusted > > relays and no unparseable relays. > > > > The version in 3.0.0-3.0.4 will false-fire with ALL_TRUSTED if there are > > no parseable headers. > > -- >This thread has gotten very confusing! I take it there are 2 people with a >similar problem, but more than likely 2 different solutions. > >I had a problem with a spamassassin install sometime back where it was >defaulting to looking for its rules in /usr/etc/mail/spamassassin. It took >days to track this down. If you have this problem, I fixed it with a symlink >from /usr/etc/mail/spamassassin pointing to /etc/mail/spamassassin. Maybe way >off, but a guess s all I have... I could see how you got confused with this thread.. Richard started with a problem that does not seem to be solved.. that's him still scratching his head over there! His version of MailScanner and SpamAssasin are either current or a late Beta of the current 4.50 release. We were both having problems with ALL_TRUSTED firing in the SA reports, but for different reasons. Matt resolved my problem with his last post: My SpamAssassin version is not only a bit old, but has known bugs that fire the ALL_TRUSTED rule in the way that I had observed. Thanks ever so much again, ALL! MailScanner/SpamAssassin upgrade on Saturday, so hopefully I can watch the Superbowl undistracted on Sunday! Cheers, Glenn Parsons From Denis.Beauchemin at USherbrooke.ca Thu Feb 2 20:16:32 2006 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Thu Feb 2 20:16:45 2006 Subject: How does one downgrade? In-Reply-To: <43E2651C.9030101@haigmail.com> References: <43E25ED9.5090103@haigmail.com> <43E2651C.9030101@haigmail.com> Message-ID: <43E268A0.3070104@USherbrooke.ca> Lance Haig wrote: >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >Hi Scott, > >I have made a backup so I suppose that to rename all the "new" stuff and >then rename the "old" stuff should be ok. > >I will give it a go and see what happens. > > > Lance, Don't forget that MS installs in 3 directories (at least when installing from the RPM on a Red Hat system): /etc/MailScanner /usr/lib/MailScanner /usr/sbin Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 From lhaig at haigmail.com Thu Feb 2 20:29:00 2006 From: lhaig at haigmail.com (Lance Haig) Date: Thu Feb 2 20:29:08 2006 Subject: How does one downgrade? In-Reply-To: <43E268A0.3070104@USherbrooke.ca> References: <43E25ED9.5090103@haigmail.com> <43E2651C.9030101@haigmail.com> <43E268A0.3070104@USherbrooke.ca> Message-ID: <43E26B8C.3090902@haigmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Thanks Denis I will double check Lance Denis Beauchemin wrote: > Lance Haig wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Hi Scott, >> >> I have made a backup so I suppose that to rename all the "new" stuff and >> then rename the "old" stuff should be ok. >> >> I will give it a go and see what happens. >> >> >> > > Lance, > > Don't forget that MS installs in 3 directories (at least when installing > from the RPM on a Red Hat system): > /etc/MailScanner > /usr/lib/MailScanner > /usr/sbin > > Denis > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFD4muMM4kHBIBZ61gRAk/6AJ0QBLAuhKMR9Q2yWvTDtkyiHncWHwCfeA3x 0J4B2uuyBJaZHq7SzYB6SnA= =NPnF -----END PGP SIGNATURE----- From drozk at moeller.com Thu Feb 2 20:29:42 2006 From: drozk at moeller.com (Kevin Droz) Date: Thu Feb 2 20:29:54 2006 Subject: MailScanner needs to be restarted 2 times In-Reply-To: <43E25ED9.5090103@haigmail.com> Message-ID: <012801c62837$66435980$ab5d5c5c@MOELLER.COM> I'm running MailScanner 4.48.4-2 using SpamAssassin 3.1.0-1. Ever since I enabled SpamAssassin and make a change I need to restart MailScanner twice before it stays up. When I look in the log I see MailScanner trying to start, it stops responding after this line "started as: /usr/sbin/sendmail -q15m -OPidFile=/var/run/sendmail.out.pid" I do another restart and it starts working fine. I don't know if it's timing with activity in the mail server or maybe a lack of ram. My machine is low end Celeron with only 128 MB of ram. Thanks for the help. Kevin. From rob at robhq.com Thu Feb 2 20:44:43 2006 From: rob at robhq.com (Rob Freeman) Date: Thu Feb 2 20:44:47 2006 Subject: MailScanner needs to be restarted 2 times In-Reply-To: <012801c62837$66435980$ab5d5c5c@MOELLER.COM> References: <012801c62837$66435980$ab5d5c5c@MOELLER.COM> Message-ID: <43E26F3B.5080907@robhq.com> Kevin Droz wrote: > I'm running MailScanner 4.48.4-2 using SpamAssassin 3.1.0-1. Ever since I > enabled SpamAssassin and make a change I need to restart MailScanner twice > before it stays up. When I look in the log I see MailScanner trying to > start, it stops responding after this line "started as: /usr/sbin/sendmail > -q15m -OPidFile=/var/run/sendmail.out.pid" I do another restart and it > starts working fine. I don't know if it's timing with activity in the mail > server or maybe a lack of ram. My machine is low end Celeron with only 128 > MB of ram. > > Thanks for the help. > > Kevin. > > > > We run a pause in the mailscanner restart switch so to make sure all instances of sendmail are shutoff before mailscanner starts back up. I am thinking since this is a slower box, the sendmails are still active when your mailscanner tries to start back up. Rob From glenn.steen at gmail.com Thu Feb 2 21:05:32 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Feb 2 21:05:35 2006 Subject: MS Slow after update to 4.50.14 on suse In-Reply-To: References: <43E1382D.8010603@haigmail.com> Message-ID: <223f97700602021305nbaf3b62g@mail.gmail.com> On 02/02/06, Scott Silva wrote: > Lance Haig spake the following on 2/1/2006 2:37 PM: > > I have a problem after upgrading. > > > > My MS is very slow processing mail. I have sent test text messages to > > the system and they take between 28 to 31 seconds to process > > > > here is a snippet of the log Can anyone lead me in the right direction > > to see why this is so low? > > > > Thanks > > > > Lance > > > > Feb 1 22:56:27 mailhost MailScanner[2384]: New Batch: Found 2 messages > > waiting > > Feb 1 22:56:27 mailhost MailScanner[2384]: New Batch: Scanning 1 > > messages, 2009 bytes > > Feb 1 22:56:27 mailhost MailScanner[2384]: Spam Checks: Starting > > Feb 1 22:56:54 mailhost MailScanner[2384]: Virus and Content Scanning: > > Starting > > Feb 1 22:56:55 mailhost MailScanner[2384]: Uninfected: Delivered 1 messages > > Feb 1 22:56:55 mailhost MailScanner[2384]: Batch processed in 27.65 seconds > > Feb 1 22:56:55 mailhost MailScanner[2384]: Logging message > > k11MuMV5003084 to SQL > > Feb 1 22:56:55 mailhost MailScanner[2384]: "Always Looked Up Last" took > > 0.00 seconds > > Feb 1 22:56:55 mailhost sendmail[3114]: k11MuMV5003084: > > to=, delay=00:00:28, xdelay=00:00:00, > > mailer=esmtp, pri=121508, relay=[194.143.190.32] [194.143.190.32], > > dsn=2.0.0, stat=Sent (OK) > > Feb 1 22:56:55 mailhost MailScanner[26335]: k11MuMV5003084: Logged to > > MailWatch SQL > > Feb 1 22:56:56 mailhost MailScanner[2292]: Virus and Content Scanning: > > Starting > > Feb 1 22:56:58 mailhost MailScanner[2292]: Uninfected: Delivered 1 messages > > Feb 1 22:56:58 mailhost MailScanner[2292]: Batch processed in 34.43 seconds > > Feb 1 22:56:58 mailhost MailScanner[2292]: Logging message > > k11MuM6S003085 to SQL > > Feb 1 22:56:58 mailhost MailScanner[2292]: "Always Looked Up Last" took > > 0.00 seconds > > Feb 1 22:56:58 mailhost MailScanner[26335]: k11MuM6S003085: Logged to > > MailWatch SQL > > Feb 1 22:56:59 mailhost sendmail[3122]: k11MuM6S003085: > > to=, delay=00:00:37, xdelay=00:00:01, mailer=esmtp, > > pri=121504, relay=[194.143.190.32] [194.143.190.32], dsn=2.0.0, > > stat=Sent (OK) > > Feb 1 22:57:18 mailhost sendmail-in[3138]: k11MvIXH003138: > > from=, size=4772, class=-30, > > nrcpts=1, msgid=<43E12E21.7080002@noacon.com>, proto=ESMTP, daemon=MTA, > > relay=bkserver.blacknight.ie [83.98.166.45] > > Feb 1 22:57:18 mailhost sendmail-in[3138]: k11MvIXH003138: > > to=, delay=00:00:00, mailer=esmtp, pri=88772, > > stat=queued > > Feb 1 22:57:19 mailhost MailScanner[993]: New Batch: Scanning 1 > > messages, 5347 bytes > > Feb 1 22:57:19 mailhost MailScanner[993]: Spam Checks: Starting > > Feb 1 22:57:19 mailhost MailScanner[993]: Looked up unknown string spam > > in language translation file /etc/MailScanner/reports/en/languages.conf > > Feb 1 22:57:19 mailhost MailScanner[993]: Looked up unknown string > > notspam in language translation file > > /etc/MailScanner/reports/en/languages.conf > > Feb 1 22:57:19 mailhost MailScanner[993]: Whitelist refresh time reached > > Feb 1 22:57:19 mailhost MailScanner[993]: Starting up SQL Whitelist > > Feb 1 22:57:19 mailhost MailScanner[993]: Read 8 whitelist entries > > Feb 1 22:57:19 mailhost MailScanner[993]: Message k11MvIXH003138 from > > 83.98.166.45 (mailscanner-bounces@lists.mailscanner.info) is whitelisted > > Feb 1 22:57:19 mailhost MailScanner[993]: Looked up unknown string > > mailscanner in language translation file > > /etc/MailScanner/reports/en/languages.conf > > Feb 1 22:57:19 mailhost MailScanner[993]: Looked up unknown string > > unreadablearchive in language translation file > > /etc/MailScanner/reports/en/languages.conf > > Feb 1 22:57:19 mailhost MailScanner[993]: Looked up unknown string > > passwordedarchive in language translation file > > /etc/MailScanner/reports/en/languages.conf > > Feb 1 22:57:19 mailhost MailScanner[993]: Looked up unknown string > > archivetoodeep in language translation file > > /etc/MailScanner/reports/en/languages.conf > > Feb 1 22:57:19 mailhost MailScanner[993]: Virus and Content Scanning: > > Starting > > Feb 1 22:57:20 mailhost MailScanner[993]: Looked up unknown string > > mailscanner in language translation file > > /etc/MailScanner/reports/en/languages.conf > > Feb 1 22:57:20 mailhost MailScanner[993]: Uninfected: Delivered 1 messages > > Feb 1 22:57:20 mailhost MailScanner[993]: Batch processed in 1.31 seconds > > Feb 1 22:57:20 mailhost MailScanner[993]: Logging message > > k11MvIXH003138 to SQL > > Feb 1 22:57:20 mailhost MailScanner[993]: "Always Looked Up Last" took > > 0.00 seconds > > Feb 1 22:57:20 mailhost MailScanner[26335]: k11MvIXH003138: Logged to > > MailWatch SQL > > Feb 1 22:57:20 mailhost sendmail[3147]: k11MvIXH003138: > > to=, delay=00:00:02, xdelay=00:00:00, mailer=esmtp, > > pri=178772, relay=[194.143.190.32] [194.143.190.32], dsn=2.0.0, > > stat=Sent (OK) > One problem I see is either an old or no file > /etc/MailScanner/reports/en/languages.conf. See if this is either a 0 length > file, or if you have a /etc/MailScanner/reports/en/languages.conf.rpmnew file. Ah yes. I actually (he said blushing) walked into that myself this time around... Silly cut'n'paste all the three lines... Oh well, if that is it, it?s just a matter of moving languages.old back into place... Jules, perhaps you should stress the need to look for an rpmnew file first, before blithely doing the upgrade(s)?... In the nice usage would be a good place... -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From ssilva at sgvwater.com Thu Feb 2 21:21:07 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Feb 2 21:31:41 2006 Subject: MS Slow after update to 4.50.14 on suse In-Reply-To: <223f97700602021305nbaf3b62g@mail.gmail.com> References: <43E1382D.8010603@haigmail.com> <223f97700602021305nbaf3b62g@mail.gmail.com> Message-ID: Glenn Steen spake the following on 2/2/2006 1:05 PM: > On 02/02/06, Scott Silva wrote: >> Lance Haig spake the following on 2/1/2006 2:37 PM: >>> I have a problem after upgrading. >>> >>> My MS is very slow processing mail. I have sent test text messages to >>> the system and they take between 28 to 31 seconds to process >>> >>> here is a snippet of the log Can anyone lead me in the right direction >>> to see why this is so low? >>> >>> Thanks >>> >>> Lance >>> >>> Feb 1 22:56:27 mailhost MailScanner[2384]: New Batch: Found 2 messages >>> waiting >>> Feb 1 22:56:27 mailhost MailScanner[2384]: New Batch: Scanning 1 >>> messages, 2009 bytes >>> Feb 1 22:56:27 mailhost MailScanner[2384]: Spam Checks: Starting >>> Feb 1 22:56:54 mailhost MailScanner[2384]: Virus and Content Scanning: >>> Starting >>> Feb 1 22:56:55 mailhost MailScanner[2384]: Uninfected: Delivered 1 messages >>> Feb 1 22:56:55 mailhost MailScanner[2384]: Batch processed in 27.65 seconds >>> Feb 1 22:56:55 mailhost MailScanner[2384]: Logging message >>> k11MuMV5003084 to SQL >>> Feb 1 22:56:55 mailhost MailScanner[2384]: "Always Looked Up Last" took >>> 0.00 seconds >>> Feb 1 22:56:55 mailhost sendmail[3114]: k11MuMV5003084: >>> to=, delay=00:00:28, xdelay=00:00:00, >>> mailer=esmtp, pri=121508, relay=[194.143.190.32] [194.143.190.32], >>> dsn=2.0.0, stat=Sent (OK) >>> Feb 1 22:56:55 mailhost MailScanner[26335]: k11MuMV5003084: Logged to >>> MailWatch SQL >>> Feb 1 22:56:56 mailhost MailScanner[2292]: Virus and Content Scanning: >>> Starting >>> Feb 1 22:56:58 mailhost MailScanner[2292]: Uninfected: Delivered 1 messages >>> Feb 1 22:56:58 mailhost MailScanner[2292]: Batch processed in 34.43 seconds >>> Feb 1 22:56:58 mailhost MailScanner[2292]: Logging message >>> k11MuM6S003085 to SQL >>> Feb 1 22:56:58 mailhost MailScanner[2292]: "Always Looked Up Last" took >>> 0.00 seconds >>> Feb 1 22:56:58 mailhost MailScanner[26335]: k11MuM6S003085: Logged to >>> MailWatch SQL >>> Feb 1 22:56:59 mailhost sendmail[3122]: k11MuM6S003085: >>> to=, delay=00:00:37, xdelay=00:00:01, mailer=esmtp, >>> pri=121504, relay=[194.143.190.32] [194.143.190.32], dsn=2.0.0, >>> stat=Sent (OK) >>> Feb 1 22:57:18 mailhost sendmail-in[3138]: k11MvIXH003138: >>> from=, size=4772, class=-30, >>> nrcpts=1, msgid=<43E12E21.7080002@noacon.com>, proto=ESMTP, daemon=MTA, >>> relay=bkserver.blacknight.ie [83.98.166.45] >>> Feb 1 22:57:18 mailhost sendmail-in[3138]: k11MvIXH003138: >>> to=, delay=00:00:00, mailer=esmtp, pri=88772, >>> stat=queued >>> Feb 1 22:57:19 mailhost MailScanner[993]: New Batch: Scanning 1 >>> messages, 5347 bytes >>> Feb 1 22:57:19 mailhost MailScanner[993]: Spam Checks: Starting >>> Feb 1 22:57:19 mailhost MailScanner[993]: Looked up unknown string spam >>> in language translation file /etc/MailScanner/reports/en/languages.conf >>> Feb 1 22:57:19 mailhost MailScanner[993]: Looked up unknown string >>> notspam in language translation file >>> /etc/MailScanner/reports/en/languages.conf >>> Feb 1 22:57:19 mailhost MailScanner[993]: Whitelist refresh time reached >>> Feb 1 22:57:19 mailhost MailScanner[993]: Starting up SQL Whitelist >>> Feb 1 22:57:19 mailhost MailScanner[993]: Read 8 whitelist entries >>> Feb 1 22:57:19 mailhost MailScanner[993]: Message k11MvIXH003138 from >>> 83.98.166.45 (mailscanner-bounces@lists.mailscanner.info) is whitelisted >>> Feb 1 22:57:19 mailhost MailScanner[993]: Looked up unknown string >>> mailscanner in language translation file >>> /etc/MailScanner/reports/en/languages.conf >>> Feb 1 22:57:19 mailhost MailScanner[993]: Looked up unknown string >>> unreadablearchive in language translation file >>> /etc/MailScanner/reports/en/languages.conf >>> Feb 1 22:57:19 mailhost MailScanner[993]: Looked up unknown string >>> passwordedarchive in language translation file >>> /etc/MailScanner/reports/en/languages.conf >>> Feb 1 22:57:19 mailhost MailScanner[993]: Looked up unknown string >>> archivetoodeep in language translation file >>> /etc/MailScanner/reports/en/languages.conf >>> Feb 1 22:57:19 mailhost MailScanner[993]: Virus and Content Scanning: >>> Starting >>> Feb 1 22:57:20 mailhost MailScanner[993]: Looked up unknown string >>> mailscanner in language translation file >>> /etc/MailScanner/reports/en/languages.conf >>> Feb 1 22:57:20 mailhost MailScanner[993]: Uninfected: Delivered 1 messages >>> Feb 1 22:57:20 mailhost MailScanner[993]: Batch processed in 1.31 seconds >>> Feb 1 22:57:20 mailhost MailScanner[993]: Logging message >>> k11MvIXH003138 to SQL >>> Feb 1 22:57:20 mailhost MailScanner[993]: "Always Looked Up Last" took >>> 0.00 seconds >>> Feb 1 22:57:20 mailhost MailScanner[26335]: k11MvIXH003138: Logged to >>> MailWatch SQL >>> Feb 1 22:57:20 mailhost sendmail[3147]: k11MvIXH003138: >>> to=, delay=00:00:02, xdelay=00:00:00, mailer=esmtp, >>> pri=178772, relay=[194.143.190.32] [194.143.190.32], dsn=2.0.0, >>> stat=Sent (OK) >> One problem I see is either an old or no file >> /etc/MailScanner/reports/en/languages.conf. See if this is either a 0 length >> file, or if you have a /etc/MailScanner/reports/en/languages.conf.rpmnew file. > > Ah yes. I actually (he said blushing) walked into that myself this > time around... Silly cut'n'paste all the three lines... Oh well, if > that is it, it?s just a matter of moving languages.old back into > place... > Jules, perhaps you should stress the need to look for an rpmnew file > first, before blithely doing the upgrade(s)?... In the nice usage > would be a good place... > > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se I thought Julian had fixed the upgrade_languages_conf to not do this a few months ago. Maybe my rememberer is busted... I usually check, now, after being bitten by this one. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Thu Feb 2 21:42:08 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Feb 2 21:42:48 2006 Subject: MailScanner needs to be restarted 2 times In-Reply-To: <43E26F3B.5080907@robhq.com> References: <012801c62837$66435980$ab5d5c5c@MOELLER.COM> <43E26F3B.5080907@robhq.com> Message-ID: Rob Freeman spake the following on 2/2/2006 12:44 PM: > Kevin Droz wrote: >> I'm running MailScanner 4.48.4-2 using SpamAssassin 3.1.0-1. Ever since I >> enabled SpamAssassin and make a change I need to restart MailScanner >> twice >> before it stays up. When I look in the log I see MailScanner trying to >> start, it stops responding after this line "started as: >> /usr/sbin/sendmail >> -q15m -OPidFile=/var/run/sendmail.out.pid" I do another restart and it >> starts working fine. I don't know if it's timing with activity in the >> mail >> server or maybe a lack of ram. My machine is low end Celeron with only >> 128 >> MB of ram. >> Thanks for the help. >> >> Kevin. >> >> >> > > We run a pause in the mailscanner restart switch so to make sure all > instances of sendmail are shutoff before mailscanner starts back up. I > am thinking since this is a slower box, the sendmails are still active > when your mailscanner tries to start back up. > > Rob The default during a restart is a 10 second pause. You might be bypassing this if you are doing a stop, immediately followed by a start. If 10 seconds isn't enough, it is easy enough to find in the MailScanner init script. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From glenn.steen at gmail.com Thu Feb 2 22:05:47 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Feb 2 22:05:50 2006 Subject: MS Slow after update to 4.50.14 on suse In-Reply-To: References: <43E1382D.8010603@haigmail.com> <223f97700602021305nbaf3b62g@mail.gmail.com> Message-ID: <223f97700602021405r50031af5m@mail.gmail.com> On 02/02/06, Scott Silva wrote: > Glenn Steen spake the following on 2/2/2006 1:05 PM: > > On 02/02/06, Scott Silva wrote: (snip) > >> One problem I see is either an old or no file > >> /etc/MailScanner/reports/en/languages.conf. See if this is either a 0 length > >> file, or if you have a /etc/MailScanner/reports/en/languages.conf.rpmnew file. > > > > Ah yes. I actually (he said blushing) walked into that myself this > > time around... Silly cut'n'paste all the three lines... Oh well, if > > that is it, it?s just a matter of moving languages.old back into > > place... > > Jules, perhaps you should stress the need to look for an rpmnew file > > first, before blithely doing the upgrade(s)?... In the nice usage > > would be a good place... > > > > -- > > -- Glenn > > email: glenn < dot > steen < at > gmail < dot > com > > work: glenn < dot > steen < at > ap1 < dot > se > I thought Julian had fixed the upgrade_languages_conf to not do this a few > months ago. Maybe my rememberer is busted... > I usually check, now, after being bitten by this one. > If so, he managed to un-fix it to this version:-). If you cu'n'oaste the suggested lines to do the upgrade the first one creates the zero.length file, and the subsequent move move it into place... Empirical study (meaning: I goofed up:) show that it certainly will behave as I describe;) > -- > > MailScanner is like deodorant... > You hope everybody uses it, and > you notice quickly if they don't!!!! *chuckle* Keep dreaming these up.... Makes it worth reading your mails even on matters I don't really care that much about (like Sendmail:). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From MailScanner at ecs.soton.ac.uk Thu Feb 2 22:07:48 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Feb 2 22:07:50 2006 Subject: How does one downgrade? In-Reply-To: <43E25ED9.5090103@haigmail.com> References: <43E25ED9.5090103@haigmail.com> Message-ID: <43E282B4.5010201@ecs.soton.ac.uk> I would be very interested to work through your problems with 4.50 when you have time. Lance Haig wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > I am having quite a time with the upgrade to 4.50.14 > > I get loads of dependency problems and a 15 characters text e-mail is > taking 20 plus seconds to work through the system. > > The system performed much better on 4.49.X for me. > > I need to go back to the system before I upgraded as it has been two > days now and the delay is quite bad. > > DO I just rename all the old directories and file to their original > names and all is ok? > > What files must I make sure to rename? > > Thanks Guys > > Lance > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.2 (MingW32) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iD8DBQFD4l7ZM4kHBIBZ61gRAqIzAJ9hUIblwZL9WTJP95XeliyEJNqAMgCfXvQh > EXxCDjveTbJtBrCL1NWcE+M= > =E6/l > -----END PGP SIGNATURE----- > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From drew at themarshalls.co.uk Thu Feb 2 22:24:40 2006 From: drew at themarshalls.co.uk (Drew Marshall) Date: Thu Feb 2 22:24:50 2006 Subject: MailScanner needs to be restarted 2 times In-Reply-To: References: <012801c62837$66435980$ab5d5c5c@MOELLER.COM> <43E26F3B.5080907@robhq.com> Message-ID: <87F21993-87EA-4FE5-8683-08467879E1F6@themarshalls.co.uk> On 2 Feb 2006, at 21:42, Scott Silva wrote: > The default during a restart is a 10 second pause. > You might be bypassing this if you are doing a stop, immediately > followed by a > start. > If 10 seconds isn't enough, it is easy enough to find in the > MailScanner init > script. On that spec of machine, 10 seconds isn't enough. My MailScanner processes take more like 20 seconds to die fully on my (Very!) low end AMD K6-s machine. Just edit the init script to put a larger pause in there. > > MailScanner is like deodorant... > You hope everybody uses it, and > you notice quickly if they don't!!!! > Nice sig. Definitely takes signature of the week winner!! Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From naolson at gmail.com Thu Feb 2 22:27:12 2006 From: naolson at gmail.com (Nathan Olson) Date: Thu Feb 2 22:27:15 2006 Subject: MailScanner needs to be restarted 2 times In-Reply-To: <87F21993-87EA-4FE5-8683-08467879E1F6@themarshalls.co.uk> References: <012801c62837$66435980$ab5d5c5c@MOELLER.COM> <43E26F3B.5080907@robhq.com> <87F21993-87EA-4FE5-8683-08467879E1F6@themarshalls.co.uk> Message-ID: <8f54b4330602021427m670dfae8x4ee94848135bd928@mail.gmail.com> Your keyboard wants two of those !!s back. ;) Nate From linux_spartacus at yahoo.com Fri Feb 3 00:39:18 2006 From: linux_spartacus at yahoo.com (spart cus) Date: Fri Feb 3 00:39:22 2006 Subject: cyrus-sasl-sql removal? Message-ID: <20060203003918.24583.qmail@web35610.mail.mud.yahoo.com> hi guys, after installing MS, clamav and spamassassin all works well. But im seeing some logs on my /var/log/messages for auxpropfunct error and sql_select missing. i tried removing cyrus-sasl-sql and the logs were gone. my concers is, will MS use this ? or its ok to remove it. tnx __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com From ssilva at sgvwater.com Fri Feb 3 00:44:54 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Feb 3 00:45:12 2006 Subject: MailScanner needs to be restarted 2 times In-Reply-To: <87F21993-87EA-4FE5-8683-08467879E1F6@themarshalls.co.uk> References: <012801c62837$66435980$ab5d5c5c@MOELLER.COM> <43E26F3B.5080907@robhq.com> <87F21993-87EA-4FE5-8683-08467879E1F6@themarshalls.co.uk> Message-ID: Drew Marshall spake the following on 2/2/2006 2:24 PM: > On 2 Feb 2006, at 21:42, Scott Silva wrote: > > >> The default during a restart is a 10 second pause. >> You might be bypassing this if you are doing a stop, immediately >> followed by a >> start. >> If 10 seconds isn't enough, it is easy enough to find in the >> MailScanner init >> script. > > On that spec of machine, 10 seconds isn't enough. My MailScanner > processes take more like 20 seconds to die fully on my (Very!) low end > AMD K6-s machine. Just edit the init script to put a larger pause in there. >> >> MailScanner is like deodorant... >> You hope everybody uses it, and >> you notice quickly if they don't!!!! >> > Nice sig. Definitely takes signature of the week winner!! > If I can just figure out how to get thunderbird to use different signatues on different news accounts from the same gmane account, I wouldn't have MailScanner plugs going to the CentOS list. Oh well... Free advertising for Julian ;-) -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From gdoris at rogers.com Fri Feb 3 07:49:01 2006 From: gdoris at rogers.com (Gerry Doris) Date: Fri Feb 3 07:49:25 2006 Subject: MailScanner ANNOUNCE: 4.50 released In-Reply-To: <42A0BBEB-A29D-43E5-90EF-51486DF90B0E@ecs.soton.ac.uk> References: <00ce01c6272b$42124b50$1465a8c0@support01> <42A0BBEB-A29D-43E5-90EF-51486DF90B0E@ecs.soton.ac.uk> Message-ID: <43E30AED.1090003@rogers.com> Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > On 1 Feb 2006, at 13:09, Res wrote: > >>On Wed, 1 Feb 2006, Jeff A. Earickson wrote: >> >> >>>That's a feature I asked for back in November and Julian has kindly >>>implemented. You get it even if log speed is no. Useful for >>>tracking >>>stats on how fast batches move thru your system. >> >>ok well how about those of us that do NOT want it >>those whos logs grow 100 megs a day dont need an extra 10K lines >> >>I'm sure i'm not alone when I ask the thet log speed = no actually >>is a no logging. > > > It's 1 line per batch of messages. If you don't like it feel free to > change it. > :-) > > I like it, it's a very handy indicator that MailScanner is working at > full speed. I also don't like this feature. I've been trying to figure out how to remove it without success. Can you give me some hints how to do so. As well, I agree that Log Speed = no should mean exactly what it says...no speed logging. Gerry From MailScanner at ecs.soton.ac.uk Fri Feb 3 08:56:07 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Feb 3 08:56:28 2006 Subject: MailScanner ANNOUNCE: 4.50 released In-Reply-To: <43E30AED.1090003@rogers.com> References: <00ce01c6272b$42124b50$1465a8c0@support01> <42A0BBEB-A29D-43E5-90EF-51486DF90B0E@ecs.soton.ac.uk> <43E30AED.1090003@rogers.com> Message-ID: <6E4EE040-DCC2-4C22-B1B1-639FCACC0630@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- On 3 Feb 2006, at 07:49, Gerry Doris wrote: > Julian Field wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> On 1 Feb 2006, at 13:09, Res wrote: >>> On Wed, 1 Feb 2006, Jeff A. Earickson wrote: >>> >>> >>>> That's a feature I asked for back in November and Julian has kindly >>>> implemented. You get it even if log speed is no. Useful for >>>> tracking >>>> stats on how fast batches move thru your system. >>> >>> ok well how about those of us that do NOT want it >>> those whos logs grow 100 megs a day dont need an extra 10K lines >>> >>> I'm sure i'm not alone when I ask the thet log speed = no >>> actually is a no logging. >> It's 1 line per batch of messages. If you don't like it feel free >> to change it. >> :-) >> I like it, it's a very handy indicator that MailScanner is working >> at full speed. > > I also don't like this feature. I've been trying to figure out how > to remove it without success. Can you give me some hints how to do > so. > > As well, I agree that > > Log Speed = no > > should mean exactly what it says...no speed logging. Either edit line 110 of MessageBatch, or else just set syslog.conf so that mail.info is not logged to your maillog. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.4 (Build 4042) iQEVAwUBQ+MasPw32o+k+q+hAQGTKAgAnBCYpMoY9SIkkWaI9RFlUce0UNf/8MIX C2+vjqgB8Q+Ue6N6te1jwcD6V+i5ux8J6Q9nf9Vdg+TOnbwyt7gDqz/Nx4s0VLyf PiDeq2wOldFN0POjrGk8WF/V6Go5CESs1WKWCh/2SysHP4snqSNGCTBmwXjn1oMa lkTmPVzCNvmoPrZ+L8DW8Teiedkf34MOjVk33MEiQVKaIEEUxuRhUcCHZeq6leZd L9/vo2/nLUGgnjb5vtRorahzzs1mh7z7j49cwuPfin8TH+prIowLp4N9iy6iRh0c MBgkIIyT1yeDaG7T7jVCKuZpwneBYyYfy+qVDbRXP/p7m+Ed9PgNBw== =D7DT -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Fri Feb 3 08:58:35 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Feb 3 08:58:43 2006 Subject: MS Slow after update to 4.50.14 on suse In-Reply-To: <223f97700602021405r50031af5m@mail.gmail.com> References: <43E1382D.8010603@haigmail.com> <223f97700602021305nbaf3b62g@mail.gmail.com> <223f97700602021405r50031af5m@mail.gmail.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On 2 Feb 2006, at 22:05, Glenn Steen wrote: > On 02/02/06, Scott Silva wrote: >> Glenn Steen spake the following on 2/2/2006 1:05 PM: >>> On 02/02/06, Scott Silva wrote: > (snip) >>>> One problem I see is either an old or no file >>>> /etc/MailScanner/reports/en/languages.conf. See if this is >>>> either a 0 length >>>> file, or if you have a /etc/MailScanner/reports/en/ >>>> languages.conf.rpmnew file. >>> >>> Ah yes. I actually (he said blushing) walked into that myself this >>> time around... Silly cut'n'paste all the three lines... Oh well, if >>> that is it, it?s just a matter of moving languages.old back into >>> place... >>> Jules, perhaps you should stress the need to look for an rpmnew file >>> first, before blithely doing the upgrade(s)?... In the nice usage >>> would be a good place... >>> >>> -- >>> -- Glenn >>> email: glenn < dot > steen < at > gmail < dot > com >>> work: glenn < dot > steen < at > ap1 < dot > se >> I thought Julian had fixed the upgrade_languages_conf to not do >> this a few >> months ago. Maybe my rememberer is busted... >> I usually check, now, after being bitten by this one. >> > If so, he managed to un-fix it to this version:-). If you cu'n'oaste > the suggested lines to do the upgrade the first one creates the > zero.length file, and the subsequent move move it into place... > Empirical study (meaning: I goofed up:) show that it certainly will > behave as I describe;) > Check you upgrade_MailScanner_conf or upgrade_languages_conf (one is a link to the other) for this code Usage() unless $oldfname && $newfname && -f $oldfname && -f $newfname && -s $oldfname && -s $newfname; That really should do the job. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.4 (Build 4042) iQEVAwUBQ+MbPfw32o+k+q+hAQGdNgf9GOBfPMUSLufD14VlcnqAP+ZTVTIyEdub 9IR+IRQ7GdVa/eyRhNWE2pwPTMhH929/XiMt91Xtt971mn5kSIIHCTK17EAU0kcc NOGz/9FhSHXqvGULFxW15lx6ZQDPyiC9g17XZYXLL4bPGe96baQKcVV88g+fru6O ysHJ8+5y+/MhzOXsaG5gmLQX/P5e/p//mky9NrzphMYW4LFbaHivQrcrJh09U0hk +5oc9FxDiSrF4lKmVC8bVWzgDlwzrnqrL3lrlDkEvXdHDekF/gJychgs0bYDjpid Mij1eMcwOk9Gtbhl5GYRavBf9IAIzIF6ANwmGII9JAsBltpqIiUDnA== =+0GH -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Fri Feb 3 09:49:31 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Feb 3 09:49:34 2006 Subject: MS Slow after update to 4.50.14 on suse In-Reply-To: References: <43E1382D.8010603@haigmail.com> <223f97700602021305nbaf3b62g@mail.gmail.com> <223f97700602021405r50031af5m@mail.gmail.com> Message-ID: <223f97700602030149qcd5eca8x@mail.gmail.com> On 03/02/06, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > > On 2 Feb 2006, at 22:05, Glenn Steen wrote: > > > On 02/02/06, Scott Silva wrote: > >> Glenn Steen spake the following on 2/2/2006 1:05 PM: > >>> On 02/02/06, Scott Silva wrote: > > (snip) > >>>> One problem I see is either an old or no file > >>>> /etc/MailScanner/reports/en/languages.conf. See if this is > >>>> either a 0 length > >>>> file, or if you have a /etc/MailScanner/reports/en/ > >>>> languages.conf.rpmnew file. > >>> > >>> Ah yes. I actually (he said blushing) walked into that myself this > >>> time around... Silly cut'n'paste all the three lines... Oh well, if > >>> that is it, it?s just a matter of moving languages.old back into > >>> place... > >>> Jules, perhaps you should stress the need to look for an rpmnew file > >>> first, before blithely doing the upgrade(s)?... In the nice usage > >>> would be a good place... > >>> > >>> -- > >>> -- Glenn > >>> email: glenn < dot > steen < at > gmail < dot > com > >>> work: glenn < dot > steen < at > ap1 < dot > se > >> I thought Julian had fixed the upgrade_languages_conf to not do > >> this a few > >> months ago. Maybe my rememberer is busted... > >> I usually check, now, after being bitten by this one. > >> > > If so, he managed to un-fix it to this version:-). If you cu'n'oaste > > the suggested lines to do the upgrade the first one creates the > > zero.length file, and the subsequent move move it into place... > > Empirical study (meaning: I goofed up:) show that it certainly will > > behave as I describe;) > > > > Check you upgrade_MailScanner_conf or upgrade_languages_conf (one is > a link to the other) for this code > > Usage() unless $oldfname && $newfname && > -f $oldfname && -f $newfname && > -s $oldfname && -s $newfname; > > That really should do the job. > :-) Not really... The instructions are the in the Usage itself: -------------------- RPM === If you are using the RPM distributions then try this: cd /etc/MailScanner/reports/en upgrade_languages_conf languages.conf languages.conf.rpmnew > languages.new mv -f languages.conf languages.old mv -f languages.new languages.conf --------------------- Now, the upgrade thing behaves exactly right, BUT you still create a zero-lenght file because the Usage is printed to STDERR, and _nothing_ to STDOUT. Sure, it's pretty obvious whatwith the Usage carooming by on the screen, but still... If you try to make all this "unattended" or is a bit preoccupied with other things (that'd be me:-) it just _might_ slip by (not that I did let that happen, mind you:-). Note that this is singularly for when you do a cut'n'paste _from the Usage itself_. So having a few words about _not doing it if there's no rpmnew file_ might be a good idea. Specifically since this tend to crop up from time to time:-). That's all, no criticism intended. Cheers, -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From MailScanner at ecs.soton.ac.uk Fri Feb 3 10:04:42 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Feb 3 10:04:55 2006 Subject: MS Slow after update to 4.50.14 on suse In-Reply-To: <223f97700602030149qcd5eca8x@mail.gmail.com> References: <43E1382D.8010603@haigmail.com> <223f97700602021305nbaf3b62g@mail.gmail.com> <223f97700602021405r50031af5m@mail.gmail.com> <223f97700602030149qcd5eca8x@mail.gmail.com> Message-ID: <33703DB0-D85A-48B8-827F-F34A62F8CBB7@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- On 3 Feb 2006, at 09:49, Glenn Steen wrote: > On 03/02/06, Julian Field wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> >> >> On 2 Feb 2006, at 22:05, Glenn Steen wrote: >> >>> On 02/02/06, Scott Silva wrote: >>>> Glenn Steen spake the following on 2/2/2006 1:05 PM: >>>>> On 02/02/06, Scott Silva wrote: >>> (snip) >>>>>> One problem I see is either an old or no file >>>>>> /etc/MailScanner/reports/en/languages.conf. See if this is >>>>>> either a 0 length >>>>>> file, or if you have a /etc/MailScanner/reports/en/ >>>>>> languages.conf.rpmnew file. >>>>> >>>>> Ah yes. I actually (he said blushing) walked into that myself this >>>>> time around... Silly cut'n'paste all the three lines... Oh >>>>> well, if >>>>> that is it, it?s just a matter of moving languages.old back into >>>>> place... >>>>> Jules, perhaps you should stress the need to look for an rpmnew >>>>> file >>>>> first, before blithely doing the upgrade(s)?... In the nice usage >>>>> would be a good place... >>>>> >>>>> -- >>>>> -- Glenn >>>>> email: glenn < dot > steen < at > gmail < dot > com >>>>> work: glenn < dot > steen < at > ap1 < dot > se >>>> I thought Julian had fixed the upgrade_languages_conf to not do >>>> this a few >>>> months ago. Maybe my rememberer is busted... >>>> I usually check, now, after being bitten by this one. >>>> >>> If so, he managed to un-fix it to this version:-). If you cu'n'oaste >>> the suggested lines to do the upgrade the first one creates the >>> zero.length file, and the subsequent move move it into place... >>> Empirical study (meaning: I goofed up:) show that it certainly will >>> behave as I describe;) >>> >> >> Check you upgrade_MailScanner_conf or upgrade_languages_conf (one is >> a link to the other) for this code >> >> Usage() unless $oldfname && $newfname && >> -f $oldfname && -f $newfname && >> -s $oldfname && -s $newfname; >> >> That really should do the job. >> > :-) > Not really... The instructions are the in the Usage itself: > -------------------- > RPM > === > If you are using the RPM distributions then try this: > > cd /etc/MailScanner/reports/en > upgrade_languages_conf languages.conf languages.conf.rpmnew > > languages.new > mv -f languages.conf languages.old > mv -f languages.new languages.conf > --------------------- > Now, the upgrade thing behaves exactly right, BUT you still create a > zero-lenght file because the Usage is printed to STDERR, and _nothing_ > to STDOUT. Sure, it's pretty obvious whatwith the Usage carooming by > on the screen, but still... If you try to make all this "unattended" > or is a bit preoccupied with other things (that'd be me:-) it just > _might_ slip by (not that I did let that happen, mind you:-). > Note that this is singularly for when you do a cut'n'paste _from the > Usage itself_. So having a few words about _not doing it if there's no > rpmnew file_ might be a good idea. Specifically since this tend to > crop up from time to time:-). So if the Usage is printed, I need to cat the incoming file to stdout as well. Will that fix it? I'm not sure I 100% understand you if that is not right. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.4 (Build 4042) iQEVAwUBQ+Mqvvw32o+k+q+hAQFaWwgAjQVYffSb07mo/pUzVIDku7kI94IjxBhK 0vSllEYyjYrWVtM1vJkSF8JIsfklgXqF6QvmUZEsLT/ibKeLZCtF6ycNxA4o/wYM 216cNGYqvfM5YJt4UdgILte0jKyHUtlH134+2rmbM9jEhmMfz3Ieg/K7ISlNnV2h bwpoXlk5GtEEAKU86/bFUDuNgSZVEIMwOpcg0Y9NPgP+MLggkdn4/ukCSj5L/Ek6 moK3ojyUuOMGx/lHVWA5ZN2Jl88GaYygwxynltDxAjwe6J3olqIpYU5W7iDJCL3Z lK84kYdTgTNOt1aYu9Mza2coxhDDvt/Ju7f4eYmuuUjONK3kkld6yg== =LgtA -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From res at ausics.net Fri Feb 3 10:36:20 2006 From: res at ausics.net (Res) Date: Fri Feb 3 10:36:30 2006 Subject: New speed benchmark In-Reply-To: <43E22B7B.3000809@pixelhammer.com> References: <443FEE3F-9EA1-46F7-88C8-A79D4FC67F24@ecs.soton.ac.uk> <1A926F82-A002-4985-854C-8FD97EA99898@ecs.soton.ac.uk> <43E22B7B.3000809@pixelhammer.com> Message-ID: On Thu, 2 Feb 2006, DAve wrote: > Julian Field wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> >> I forgot to add the MTA is sendmail >> >> On 2 Feb 2006, at 14:59, Julian Field wrote: >> >> >>> * PGP Signed: 02/02/06 at 14:59:40 >>> >>> I have just done a speed test. >>> Hardware: dual Opteron, 4Gb RAM, SCSI disk. >>> Software: RHEL4, MailScanner 4.50, SpamAssassin, DCC, Razor, clamavmodule >>> MailScanner setup: default >>> >>> Speed: 770,000 messages per day >> >> > > What happens at 780,000 messages a day? > and at what loads > DAve > -- Cheers Res From res at ausics.net Fri Feb 3 10:46:09 2006 From: res at ausics.net (Res) Date: Fri Feb 3 10:46:16 2006 Subject: MailScanner ANNOUNCE: 4.50 released In-Reply-To: <43E30AED.1090003@rogers.com> References: <00ce01c6272b$42124b50$1465a8c0@support01> <42A0BBEB-A29D-43E5-90EF-51486DF90B0E@ecs.soton.ac.uk> <43E30AED.1090003@rogers.com> Message-ID: Hi Gerry, locate MessageBatch.pm load it in vi/pico and comment out line 110 #MailScanner::Log::InfoLog("Batch processed in %.2f seconds", $totaltime); On Fri, 3 Feb 2006, Gerry Doris wrote: > Julian Field wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> >> On 1 Feb 2006, at 13:09, Res wrote: >> >>> On Wed, 1 Feb 2006, Jeff A. Earickson wrote: >>> >>> >>>> That's a feature I asked for back in November and Julian has kindly >>>> implemented. You get it even if log speed is no. Useful for tracking >>>> stats on how fast batches move thru your system. >>> >>> ok well how about those of us that do NOT want it >>> those whos logs grow 100 megs a day dont need an extra 10K lines >>> >>> I'm sure i'm not alone when I ask the thet log speed = no actually is a >>> no logging. >> >> >> It's 1 line per batch of messages. If you don't like it feel free to >> change it. >> :-) >> >> I like it, it's a very handy indicator that MailScanner is working at full >> speed. > > I also don't like this feature. I've been trying to figure out how to remove > it without success. Can you give me some hints how to do so. > > As well, I agree that > > Log Speed = no > > should mean exactly what it says...no speed logging. > > Gerry > -- Cheers Res From MailScanner at ecs.soton.ac.uk Fri Feb 3 11:06:29 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Feb 3 11:06:42 2006 Subject: New speed benchmark In-Reply-To: References: <443FEE3F-9EA1-46F7-88C8-A79D4FC67F24@ecs.soton.ac.uk> <1A926F82-A002-4985-854C-8FD97EA99898@ecs.soton.ac.uk> <43E22B7B.3000809@pixelhammer.com> Message-ID: <456CF431-DE8D-45DC-8E63-FD04864BB95C@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- On 3 Feb 2006, at 10:36, Res wrote: > On Thu, 2 Feb 2006, DAve wrote: > >> Julian Field wrote: >>> -----BEGIN PGP SIGNED MESSAGE----- >>> I forgot to add the MTA is sendmail >>> On 2 Feb 2006, at 14:59, Julian Field wrote: >>>> > Old Signed: 02/02/06 at 14:59:40 >>>> I have just done a speed test. >>>> Hardware: dual Opteron, 4Gb RAM, SCSI disk. >>>> Software: RHEL4, MailScanner 4.50, SpamAssassin, DCC, Razor, >>>> clamavmodule >>>> MailScanner setup: default >>>> Speed: 770,000 messages per day >> >> What happens at 780,000 messages a day? >> > > and at what loads Maintained about 10 which is what I would expect. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.4 (Build 4042) iQEVAwUBQ+M5OPw32o+k+q+hAQFMhggAkbE3ehk4UG3MHsz0wcRHi0Vof/XWqhsd WUTBEsXtRVvx9ZshsLDHRWYX70P6u5VBChqiQKfGBUL/kYO69m44jO3Q189aOZgz Xp8jSy5ly6OzAHXxCmHD22nyk2pdYuPI8Pkr59lK+r8CMh45rCqX7i4h4uIRfz8v vIaLMsmmoeHFkcQBH+jMg5x2HlHVosWC+WnIjpQytU9K9ggEIKY92vnU+nN41j8P FRTF07CFIjkoyYDWPr5rbquY1e1z+MyZ6QYQwFYWW+jxCfOFPHfwIMfTs6JQzzUL GisT0NSjzSZ3KEIVeTQnma9J1oWFH5d3hN7VDYmOutlGoPn9+MBfDA== =oUO7 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From rcooper at dwford.com Fri Feb 3 11:46:13 2006 From: rcooper at dwford.com (Rick Cooper) Date: Fri Feb 3 11:47:47 2006 Subject: Panda Wrapper reporting zero In-Reply-To: <43DFB8B4.20309@pixelmagicfx.com> Message-ID: > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Victor > DiMichina > Sent: Tuesday, January 31, 2006 2:21 PM > To: MailScanner discussion > Subject: Re: Panda Wrapper reporting zero > > > > Julian Field wrote: > > > Very few people have ever had much luck getting Panda to work > > properly. It is the worst of all the virus scanners I support. Check > > you /etc/MailScanner/virus.scanners.conf file to be sure you have the > > right path. > > > > Run this > > /usr/lib/MailScanner/panda-wrapper /usr /tmp > > will scan /tmp for you, the "/usr" argument is the path taken from the > > end of the corresponding line in virus.scanners.conf. > > > I figured as much. I had it working when the wrapper was all in > Spanish and before Panda went to their over-engineered output. :) > > Looking through the archives, it seems like some had a measure of > success with Rick's new wrapper. I can actually see results of the > wrapper detecting and eliminating virus files, but can't get an > accurate report. The only reason I'm bothering is because I'm under > support for one more year, and I'd like to use it. > When you say an accurate report, it's not logging the detections in the maillog? I am still at 4.46.2 because there were so many changes after that I haven't had the desire to rebuild the two patches I have to integrate into each new MS release but I suppose I can try and get to it this weekend and see if something might have changed to affect the logging. It seemed like I had to do something to prevent double logging and perhaps that was fixed and now it doesn't log anything? Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From rcooper at dwford.com Fri Feb 3 11:33:58 2006 From: rcooper at dwford.com (Rick Cooper) Date: Fri Feb 3 11:47:49 2006 Subject: Panda Wrapper reporting zero In-Reply-To: <43DFB109.7030609@pixelmagicfx.com> Message-ID: > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Victor > DiMichina > Sent: Tuesday, January 31, 2006 1:49 PM > To: mailscanner@lists.mailscanner.info > Subject: Panda Wrapper reporting zero > > > > I've been wrestling with the Panda Wrapper for some time now. It's > *probably* working, but with no reporting. The only way I can see it > working is when I run it manually on an Eicar virus, I have the -ren > option selected so that it actually renames the eicar.com to > eicar.com.vir. It still returns a Virus=0 status. I get no updates > from MailScanner the way I do for the f-secure wrapper. > Does anyone have success in getting Panda's wrapper to report a virus > when found? Even though it's probably working, it's not a very > secure feeling just trusting a piece of code to do its job with no > feedback. > MailScanner Version 4.47.4 > I am not following exactly what you mean here. Are you running the wrapper manually *exactly* the way it's describer at the top of the wrapper? I havent touched it for a loooong time, but because of some of the er, odd, ways they have the thing working it needs to be run exactly (dir structure and all) the way it shows at the top of the wrapper. Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From a.peacock at chime.ucl.ac.uk Fri Feb 3 12:07:46 2006 From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Fri Feb 3 12:07:53 2006 Subject: sendmail greet_pause feature In-Reply-To: <20060202143933.05h6byks2sggokwo@webmail.waversveld.nl> References: <5EBABD62DC5AC048AD8AEC3312E02D4CCD2F5F@exchange03.lkl.ltkalmar.se> <023301c62719$f6c921c0$0600a8c0@roger> <20060201161203.M49950@smi.com.pe> <1f8fae340602020153i1a1b061h@mail.gmail.com> <20060202110216.wtklxpib4scwssco@webmail.waversveld.nl> <43E1DFD2.20708@chime.ucl.ac.uk> <20060202141929.by6t7fas74wo0woc@webmail.waversveld.nl> <43E209D4.8050902@chime.ucl.ac.uk> <20060202143933.05h6byks2sggokwo@webmail.waversveld.nl> Message-ID: <43E34792.8060706@chime.ucl.ac.uk> Hi Joost, No worries :-) Joost Waversveld wrote: > Anthony, > > I get your point and you're absolutely right. I'm sorry for that. I > won't do it again :-D > > Greetz, > > Joost > > ----- Message from a.peacock@chime.ucl.ac.uk --------- > Date: Thu, 02 Feb 2006 13:32:04 +0000 > From: Anthony Peacock > Reply-To: MailScanner discussion > Subject: Re: sendmail greet_pause feature > To: MailScanner discussion > > >> Hi Joost, >> >> My comments were more directed to the list in general. >> >> Julian was very clear in his email earlier that on _Linux_ the lock >> type needs to change to Posix for Sendmail 8.13 and above. >> >> I just get twitchy when statements are made that don't recognise that >> the OS is an important component in this setting. First, it makes me >> doubt my configuration. Secondly, it might give the wrong impression >> to admins of OSs other than Linux. >> >> Changing the default would have implications for me. If I didn't spot >> that it had changed I may start to see problems after an upgrade, with >> a system that runs fine at the moment. >> >> Joost Waversveld wrote: >>> I really do not know if this is for all the OS's. I do know that it >>> is true for Redhat, CentOS, etc. >>> >>> ----- Message from jaearick@colby.edu --------- >>> Date: Thu, 2 Feb 2006 08:05:58 -0500 (EST) >>> From: "Jeff A. Earickson" >>> Reply-To: MailScanner discussion >>> Subject: Re: sendmail greet_pause feature >>> To: MailScanner discussion >>> >>> >>>> Same here. running Solaris 9 with sendmail 8.13.5. I've never >>>> touched the Lock Type setting. >>>> >>>> Jeff Earickson >>>> Colby College >>>> >>>> On Thu, 2 Feb 2006, Anthony Peacock wrote: >>>> >>>>> Date: Thu, 02 Feb 2006 10:32:50 +0000 >>>>> From: Anthony Peacock >>>>> Reply-To: MailScanner discussion >>>>> To: MailScanner discussion >>>>> Subject: Re: sendmail greet_pause feature >>>>> >>>>> Hi, >>>>> >>>>> Joost Waversveld wrote: >>>>>> You must force posix locking... The standard will be flock >>>>>> locking. I thought Julian is thinking about changing the standard >>>>>> to posix, but at the moment the standard is still "flock" >>>>>> >>>>>> So it must be "Lock Type = posix" for you... ;) >>>>> >>>>> Is this true for all OSs? >>>>> >>>>> I am using Sendmail 8.13 and the default locking on Solaris and I >>>>> am not having any problems at all. I always thought the advice was >>>>> only change this if you are having problems. I also recall that >>>>> the requirement for posix locking is dependent on the OS. >>>>> >>>>> Grateful for any correction. >>>>> >>>>> >>>>>> >>>>>> Joost Waversveld >>>>>> >>>>>> ----- Message from wmcdonald@gmail.com --------- >>>>>> Date: Thu, 2 Feb 2006 09:53:08 +0000 >>>>>> From: Will McDonald >>>>>> Reply-To: MailScanner discussion >>>>>> Subject: Re: sendmail greet_pause feature >>>>>> To: MailScanner discussion >>>>>> >>>>>> >>>>>>> On 01/02/06, Julian Field wrote: >>>>>>> >>>>>>>> On Linux, sendmail 8.13 and upwards needs posix, anything before >>>>>>>> 8.13 >>>>>>>> needs flock. >>>>>>> >>>>>>> Is locking autodetecting, if you see what I mean? In the >>>>>>> MailScanner.conf it says... >>>>>>> >>>>>>> # How to lock spool files. >>>>>>> # Don't set this unless you *know* you need to. >>>>>>> # For sendmail, it defaults to "flock". >>>>>>> # For sendmail 8.13 onwards, you will probably need to change it >>>>>>> to posix. >>>>>>> # For Exim, it defaults to "posix". >>>>>>> # No other type is implemented. >>>>>>> Lock Type = >>>>>>> >>>>>>> Does MailScanner *know* I'm running 8.13 or should I force posix >>>>>>> locking? >>>>>>> >>>>>>> Will. >>>>>>> -- >>>>>>> MailScanner mailing list >>>>>>> mailscanner@lists.mailscanner.info >>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>>>> >>>>>>> Before posting, read http://wiki.mailscanner.info/posting >>>>>>> >>>>>>> Support MailScanner development - buy the book off the website! >>>>>>> >>>>>> >>>>>> >>>>>> ----- End message from wmcdonald@gmail.com ----- >>>>>> >>>>>> >>>>> >>>>> >>>>> -- >>>>> Anthony Peacock >>>>> CHIME, Royal Free & University College Medical School >>>>> WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ >>>>> "The most exciting phrase to hear in science, the one that heralds >>>>> new discoveries, is not 'Eureka!' but 'That's funny....'" -- Isaac >>>>> Asimov >>>>> -- >>>>> MailScanner mailing list >>>>> mailscanner@lists.mailscanner.info >>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>> >>>>> Before posting, read http://wiki.mailscanner.info/posting >>>>> >>>>> Support MailScanner development - buy the book off the website! >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>> >>> >>> ----- End message from jaearick@colby.edu ----- >>> >>> >> >> >> -- >> Anthony Peacock >> CHIME, Royal Free & University College Medical School >> WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ >> "The most exciting phrase to hear in science, the one that heralds new >> discoveries, is not 'Eureka!' but 'That's funny....'" -- Isaac Asimov >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > > > ----- End message from a.peacock@chime.ucl.ac.uk ----- > > -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "The most exciting phrase to hear in science, the one that heralds new discoveries, is not 'Eureka!' but 'That's funny....'" -- Isaac Asimov From john at tradoc.fr Fri Feb 3 12:48:13 2006 From: john at tradoc.fr (John Wilcock) Date: Fri Feb 3 12:48:20 2006 Subject: Remove time from logwatch reports In-Reply-To: <1138632634.3244.3.camel@dwarfstar.stellarcore.net> References: <200601301200.k0UC0JgL009618@bkserver.blacknight.ie> <1138632634.3244.3.camel@dwarfstar.stellarcore.net> Message-ID: <43E3510D.4000108@tradoc.fr> Mike Tremaine wrote: > In the long run as soon as I upgrade to 4.50 I'll patch the mailscanner > script to do the right thing. Here's a patch (against logwatch 7.2.1) that should do the trick - ignoring MailScanner's new batch timing lines and reporting on the number of SA cache hits. John. -- -- Over 3000 webcams from ski resorts around the world - www.snoweye.com -- Translate your technical documents and web pages - www.tradoc.fr -------------- next part -------------- --- mailscanner-lw721 2006-02-02 11:18:13.000000000 +0100 +++ mailscanner 2006-02-03 13:29:10.000000000 +0100 @@ -87,7 +87,12 @@ ( $ThisLine =~ m/^Started SQL Logging child/ ) or ( $ThisLine =~ m/^Starting up SQL Whitelist|Blacklist/ ) or ( $ThisLine =~ m/^Read .+ whitelist|blacklist entries/ ) or - ( $ThisLine =~ m/^Closing down by-domain spam whitelist|blacklist/ ) + ( $ThisLine =~ m/^Closing down by-domain spam whitelist|blacklist/ ) or + ( $ThisLine =~ m/^Connected to SpamAssassin cache database/ ) or + ( $ThisLine =~ m/^Using SpamAssassin results cache/ ) or + ( $ThisLine =~ m/^Expired .+ records from the SpamAssassin cache/ ) or + ( $ThisLine =~ m/^Batch processed in .+ seconds/ ) or + ( $ThisLine =~ m/^\"Always Looked Up Last\" took .+ seconds/ ) ) { # We don't care about these } elsif ( $ThisLine =~ m/New Batch: Scanning ([0-9]+) messages, ([0-9]+) bytes/i) { @@ -236,8 +241,10 @@ $ImgTagSource{$1}++; } elsif ($ThisLine =~ m/Logged to MailWatch SQL/) { $MailWatchSQL++; - } elsif ($ThisLine =~ m/Quarantining modified message for .+/) { + } elsif ($ThisLine =~ m/Quarantining modified message for/) { $DisarmedQuarantined++; + } elsif ($ThisLine =~ m/SpamAssassin cache hit for message/) { + $SACacheHit++; } else { chomp($ThisLine); # Report any unmatched entries... @@ -271,6 +278,10 @@ } } +if ($SACacheHit > 0) { + print "\n\t\t" . $SACacheHit . ' hits from MailScanner SpamAssassin cache'; +} + if ($MailScan_Unscanned > 0) { print "\n\t" . $MailScan_Unscanned . ' Messages forwarded unscanned by MailScanner'; } From rgreen at trayerproducts.com Fri Feb 3 13:28:10 2006 From: rgreen at trayerproducts.com (Rodney Green) Date: Fri Feb 3 13:28:31 2006 Subject: OT: Mail Archiving Message-ID: <43E35A6A.1080602@trayerproducts.com> Hello, I'm archiving mail to mbox files using the archive rules in MS. I was wondering if anyone knows of software that will move and compress the archived mail to conserve disk space? Any advice is welcome. Thanks! Rod -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From housey at sme-ecom.co.uk Fri Feb 3 13:57:36 2006 From: housey at sme-ecom.co.uk (Paul Houselander) Date: Fri Feb 3 13:57:59 2006 Subject: Mail Archiving In-Reply-To: <43E35A6A.1080602@trayerproducts.com> Message-ID: I use archmbox from http://adc-archmbox.sourceforge.net/ is a pretty good tool. Hope it helps Paul -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Rodney Green Sent: 03 February 2006 13:28 To: MailScanner mailing list Subject: OT: Mail Archiving Hello, I'm archiving mail to mbox files using the archive rules in MS. I was wondering if anyone knows of software that will move and compress the archived mail to conserve disk space? Any advice is welcome. Thanks! Rod -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! This message has been scanned for unacceptable content by 'VITANIUM' the industry leading email virus and content management service from Vitanium Systems. Contact details are available at www.vitanium.com. From shuttlebox at gmail.com Fri Feb 3 14:08:57 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Fri Feb 3 14:09:01 2006 Subject: OT: Mail Archiving In-Reply-To: <43E35A6A.1080602@trayerproducts.com> References: <43E35A6A.1080602@trayerproducts.com> Message-ID: <625385e30602030608r67d1faa3s37204fc8f4253f76@mail.gmail.com> On 2/3/06, Rodney Green wrote: > > Hello, > > I'm archiving mail to mbox files using the archive rules in MS. I was > wondering if anyone knows of software that will move and compress the > archived mail to conserve disk space? Any advice is welcome. > A simple line in crontab will do the job for you. 0 6 * * * find /yourarchivedir -type f -mtime +10 -exec gzip {} \; The above will gzip files older than 10 days. You can do whatever you want with similar commands. No need for extra software. I'm sure others will post more advanced examples, I just wrote a line from memory. -- /peter -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060203/a34593fa/attachment.html From MailScanner at ecs.soton.ac.uk Fri Feb 3 14:19:54 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Feb 3 14:20:03 2006 Subject: OT: Mail Archiving In-Reply-To: <625385e30602030608r67d1faa3s37204fc8f4253f76@mail.gmail.com> References: <43E35A6A.1080602@trayerproducts.com> <625385e30602030608r67d1faa3s37204fc8f4253f76@mail.gmail.com> Message-ID: <701EFA27-1212-4933-A914-C519EC5D70FB@ecs.soton.ac.uk> Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 487 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060203/497f0cdd/PGP.bin From test at nextmill.net Fri Feb 3 14:30:59 2006 From: test at nextmill.net (test) Date: Fri Feb 3 14:31:04 2006 Subject: TNEF Expander Maxsize not working! (80 meg emails) Message-ID: <200602030630765.SM03436@70.182.179.161> An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060203/6ebaef9d/attachment.html From MailScanner at ecs.soton.ac.uk Fri Feb 3 14:47:36 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Feb 3 14:47:45 2006 Subject: TNEF Expander Maxsize not working! (80 meg emails) In-Reply-To: <200602030630765.SM03436@70.182.179.161> References: <200602030630765.SM03436@70.182.179.161> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Mount your /tmp using tmpfs, then it should be okay. On 3 Feb 2006, at 14:30, test wrote: > Even with TNEF Expander set to a max size of 10 megs, any file over > 80+ megs will cause MailScanner to 'crash', the child process lines > read 'expanding attachments' and then that process turns into a ! > Goes into a never ending cycle until I perform a MV of the super > large email from mqueue.in to mqueue to bypass the Mailscanner > check. Any ideas? This happens very often and I can't understand > why its not accepting the --maxsize setting. My /tmp/ is only 100 > megs (ram) and it can't handle the super large emails. > > MailScanner 4.50.15-1/Redhat Fedora Core 2/SA 3.1.0 > > Mailscanner.conf > > TNEF Expander = /usr/bin/tnef --maxsize=10000000 > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.4 (Build 4042) iQEVAwUBQ+NtCfw32o+k+q+hAQGwZQgAu8yvWCpWsi9g4Lg2cfbqWDTEzY47pWmB y8p/kyJDcIMuNt4UOZCcmZS+mkOS3NkTIsxOraLaxBIJ5qdPD8CtV1wRv7NZVYeh r6AgjB95yrLXJHD2lkwevlc9mb0j7Qwz53uSIu8pF1tOdB7sINJE9G2j6OtwPYY5 LUocZQp/krr7W7QvI2ztSbenPM7YQIqbTTIFosE7dpW+GcKNG740dPh7hKc/OMtB s1aRmwO2XIrvG8uVTM7JxSvkS9O4/VtSRRD6WMfocUzOZvpXk3cWVZ4iVcjCkCqQ g6vFf+xwJltDxah9cVaNjUAz45TJDb7NYVFFbpOtTgMry+YpKx59ug== =UyQb -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From rgreen at trayerproducts.com Fri Feb 3 14:48:02 2006 From: rgreen at trayerproducts.com (Rodney Green) Date: Fri Feb 3 14:49:27 2006 Subject: OT: Mail Archiving In-Reply-To: <701EFA27-1212-4933-A914-C519EC5D70FB@ecs.soton.ac.uk> References: <43E35A6A.1080602@trayerproducts.com> <625385e30602030608r67d1faa3s37204fc8f4253f76@mail.gmail.com> <701EFA27-1212-4933-A914-C519EC5D70FB@ecs.soton.ac.uk> Message-ID: <43E36D22.8020008@trayerproducts.com> > find /yourarchivedir -type f -mtime +10 -print | xargs gzip > > will be faster :-) Thanks guys. I did some more searching and found another option that I'm testing. I found this: http://archivemail.sourceforge.net/ -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From test at nextmill.net Fri Feb 3 14:53:36 2006 From: test at nextmill.net (test) Date: Fri Feb 3 14:53:42 2006 Subject: TNEF Expander Maxsize not working! (80 meg emails) Message-ID: <200602030653234.SM02500@70.182.179.161> An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060203/b0e302e2/attachment.html From dyioulos at firstbhph.com Fri Feb 3 14:54:25 2006 From: dyioulos at firstbhph.com (Dimitri Yioulos) Date: Fri Feb 3 14:54:31 2006 Subject: OT: Mail Archiving In-Reply-To: <43E36D22.8020008@trayerproducts.com> References: <43E35A6A.1080602@trayerproducts.com> <701EFA27-1212-4933-A914-C519EC5D70FB@ecs.soton.ac.uk> <43E36D22.8020008@trayerproducts.com> Message-ID: <200602030954.25564.dyioulos@firstbhph.com> On Friday February 03 2006 9:48 am, Rodney Green wrote: > > find /yourarchivedir -type f -mtime +10 -print | xargs gzip > > > > will be faster :-) > > Thanks guys. I did some more searching and found another option that I'm > testing. I found this: http://archivemail.sourceforge.net/ > > If you're looking for a separate archiving tool, also take a look at Synonym (http://www.modulo.ro/content/view/55/1//). Dimitri -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From test at nextmill.net Fri Feb 3 14:57:46 2006 From: test at nextmill.net (Brian) Date: Fri Feb 3 14:57:51 2006 Subject: TNEF Expander Maxsize not working! (80 meg emails) Message-ID: <200602030657328.SM02500@70.182.179.161> An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060203/efebb7f4/attachment.html From greg at blastzone.com Fri Feb 3 15:23:45 2006 From: greg at blastzone.com (Greg Deputy) Date: Fri Feb 3 15:23:52 2006 Subject: Upgraded from 4.38 to 4.50 and WOW Message-ID: <0b8f01c628d5$d2c3cbf0$0a0a0a0a@greg> I upgraded my MailScanner installation last night from 4.38 to 4.50. It's a fedora box running postfix, and a smaller machine (p3 with 512M ram) that has been pretty much at capacity. Before the upgrade, the CPU utilization averaged 75%. After upgrading, the CPU utilization has dropped to 25%! The only thing that has changed is the MailScanner version. Looks like the recent changes have REALLY made a difference! http://mx.blastzone.com/mailscanner-mrtg/cpu/cpu.html MailScanner rocks. Thanks Julian! From gborders at jlewiscooper.com Fri Feb 3 15:24:35 2006 From: gborders at jlewiscooper.com (Greg Borders) Date: Fri Feb 3 15:26:16 2006 Subject: Remove time from logwatch reports In-Reply-To: <6E4EE040-DCC2-4C22-B1B1-639FCACC0630@ecs.soton.ac.uk> References: <00ce01c6272b$42124b50$1465a8c0@support01> <42A0BBEB-A29D-43E5-90EF-51486DF90B0E@ecs.soton.ac.uk> <43E30AED.1090003@rogers.com> <6E4EE040-DCC2-4C22-B1B1-639FCACC0630@ecs.soton.ac.uk> Message-ID: <43E375B3.7090907@jlewiscooper.com> >> I also don't like this feature. I've been trying to figure out how >> to remove it without success. Can you give me some hints how to do >> so. >> >> As well, I agree that >> >> Log Speed = no >> >> should mean exactly what it says...no speed logging. >> > > Either edit line 110 of MessageBatch, or else just set syslog.conf so > that mail.info is not logged to your maillog. Taking a look at the MessageBatch.pm file, I see in 'if' in there for the log variable, would this logic work? My Pearl is weak. ;) # before MailScanner::Log::InfoLog("Batch completed at %d bytes per second (%d / %d)", $speed, $totalbytes, $now-$this->{starttime}) if MailScanner::Config::Value('logspeed'); MailScanner::Log::InfoLog("Batch processed in %.2f seconds", $totaltime); # after if ( MailScanner::Config::Value('logspeed') ) { MailScanner::Log::InfoLog("Batch completed at %d bytes per second (%d / %d)", $speed, $totalbytes, $now-$this->{starttime}) MailScanner::Log::InfoLog("Batch processed in %.2f seconds", $totaltime); } Greg Borders Sys. Admin. JLC Co. -- This transmission may contain information that is privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. Thank you. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060203/a6bad431/attachment.html From glenn.steen at gmail.com Fri Feb 3 16:02:27 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Feb 3 16:02:29 2006 Subject: MS Slow after update to 4.50.14 on suse In-Reply-To: <33703DB0-D85A-48B8-827F-F34A62F8CBB7@ecs.soton.ac.uk> References: <43E1382D.8010603@haigmail.com> <223f97700602021305nbaf3b62g@mail.gmail.com> <223f97700602021405r50031af5m@mail.gmail.com> <223f97700602030149qcd5eca8x@mail.gmail.com> <33703DB0-D85A-48B8-827F-F34A62F8CBB7@ecs.soton.ac.uk> Message-ID: <223f97700602030802n4590764et@mail.gmail.com> On 03/02/06, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > > On 3 Feb 2006, at 09:49, Glenn Steen wrote: > > > On 03/02/06, Julian Field wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- > >> > >> > >> On 2 Feb 2006, at 22:05, Glenn Steen wrote: > >> > >>> On 02/02/06, Scott Silva wrote: > >>>> Glenn Steen spake the following on 2/2/2006 1:05 PM: > >>>>> On 02/02/06, Scott Silva wrote: > >>> (snip) > >>>>>> One problem I see is either an old or no file > >>>>>> /etc/MailScanner/reports/en/languages.conf. See if this is > >>>>>> either a 0 length > >>>>>> file, or if you have a /etc/MailScanner/reports/en/ > >>>>>> languages.conf.rpmnew file. > >>>>> > >>>>> Ah yes. I actually (he said blushing) walked into that myself this > >>>>> time around... Silly cut'n'paste all the three lines... Oh > >>>>> well, if > >>>>> that is it, it?s just a matter of moving languages.old back into > >>>>> place... > >>>>> Jules, perhaps you should stress the need to look for an rpmnew > >>>>> file > >>>>> first, before blithely doing the upgrade(s)?... In the nice usage > >>>>> would be a good place... > >>>>> > >>>>> -- > >>>>> -- Glenn > >>>>> email: glenn < dot > steen < at > gmail < dot > com > >>>>> work: glenn < dot > steen < at > ap1 < dot > se > >>>> I thought Julian had fixed the upgrade_languages_conf to not do > >>>> this a few > >>>> months ago. Maybe my rememberer is busted... > >>>> I usually check, now, after being bitten by this one. > >>>> > >>> If so, he managed to un-fix it to this version:-). If you cu'n'oaste > >>> the suggested lines to do the upgrade the first one creates the > >>> zero.length file, and the subsequent move move it into place... > >>> Empirical study (meaning: I goofed up:) show that it certainly will > >>> behave as I describe;) > >>> > >> > >> Check you upgrade_MailScanner_conf or upgrade_languages_conf (one is > >> a link to the other) for this code > >> > >> Usage() unless $oldfname && $newfname && > >> -f $oldfname && -f $newfname && > >> -s $oldfname && -s $newfname; > >> > >> That really should do the job. > >> > > :-) > > Not really... The instructions are the in the Usage itself: > > -------------------- > > RPM > > === > > If you are using the RPM distributions then try this: > > > > cd /etc/MailScanner/reports/en > > upgrade_languages_conf languages.conf languages.conf.rpmnew > > > languages.new > > mv -f languages.conf languages.old > > mv -f languages.new languages.conf > > --------------------- > > Now, the upgrade thing behaves exactly right, BUT you still create a > > zero-lenght file because the Usage is printed to STDERR, and _nothing_ > > to STDOUT. Sure, it's pretty obvious whatwith the Usage carooming by > > on the screen, but still... If you try to make all this "unattended" > > or is a bit preoccupied with other things (that'd be me:-) it just > > _might_ slip by (not that I did let that happen, mind you:-). > > Note that this is singularly for when you do a cut'n'paste _from the > > Usage itself_. So having a few words about _not doing it if there's no > > rpmnew file_ might be a good idea. Specifically since this tend to > > crop up from time to time:-). > > So if the Usage is printed, I need to cat the incoming file to stdout > as well. Will that fix it? I'm not sure I 100% understand you if that > is not right. > Nah, just change the text in the Usage from If you are using the RPM distributions then try this: to If you are using the RPM distributions, and have a langauges.rpmnew file, then try this: or change the sugegsted commands to upgrade_languages_conf languages.conf languages.conf.rpmnew > languages.new test -f languages.conf.rpmnew && mv -f languages.conf languages.old test -f languages.conf.rpmnew && mv -f languages.new languages.conf && rm -f languages.conf.rpmnew ... The final rm could of course be an "mv -f langages.conf.rpmnew languages.conf.rpmnew.done", so that one don't lose the rpmnew file... It's just a suggestion though:-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From craigwhite at azapple.com Fri Feb 3 16:21:45 2006 From: craigwhite at azapple.com (Craig White) Date: Fri Feb 3 16:22:00 2006 Subject: MailScanner needs to be restarted 2 times In-Reply-To: References: <012801c62837$66435980$ab5d5c5c@MOELLER.COM> <43E26F3B.5080907@robhq.com> <87F21993-87EA-4FE5-8683-08467879E1F6@themarshalls.co.uk> Message-ID: <1138983705.26170.35.camel@lin-workstation.azapple.com> On Thu, 2006-02-02 at 16:44 -0800, Scott Silva wrote: > Drew Marshall spake the following on 2/2/2006 2:24 PM: > > Nice sig. Definitely takes signature of the week winner!! > > > If I can just figure out how to get thunderbird to use different signatues on > different news accounts from the same gmane account, I wouldn't have > MailScanner plugs going to the CentOS list. > > Oh well... Free advertising for Julian ;-) ---- do you mean the airplane sig? I kind of like that one. It's been kind of quiet on CentOS list lately anyway. Craig From Kevin_Miller at ci.juneau.ak.us Fri Feb 3 17:22:22 2006 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Fri Feb 3 17:22:29 2006 Subject: What is nobody doing? Message-ID: Since I upgraded one of my machines the other day (from 4.33 to 4.50.? beta) my /var/log/messages has been filling up with the messages below. I opened two term windows, one running 'tail -f /var/log/mail' and the other running 'tail -f /var/log/messges' then watched to see what it was happening. /var/log/messages: ================== Feb 2 08:18:23 mail3 su: (to nobody) root on none Feb 2 08:18:23 mail3 su: pam_unix2: session started for user nobody, service su Feb 2 08:18:23 mail3 su: pam_unix2: session finished for user nobody, service su /var/log/mail: ============== Feb 2 08:18:21 mail3 sendmail-in[6185]: k12HIK0g006185: to=, delay=00:00:00, mailer=esmtp, pri=33805, stat=queued Feb 2 08:18:22 mail3 MailScanner[5160]: New Batch: Scanning 1 messages, 4424 bytes Normally I see a few 'session started for user nobody' when updatedb runs, but these are happening everytime new mail arrives. The su seems to happen just after the message is queued, that is between the first and second lines in the mail log. Is this expected behavior? Why does root need to su to nobody to do whatever it's doing, when it never had to before? ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From glenn.steen at gmail.com Fri Feb 3 18:52:11 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Feb 3 18:52:30 2006 Subject: Typo in Action... Message-ID: <223f97700602031052h5add50b3q@mail.gmail.com> ... or "Le Grand Typo" strikes again.... Jules, what exactly happens to mails that hit an Action with a typo in it? And why doesn't MailScanner --lint pick up the typo? Let me explain what happened: Happy as a seal in a fish-shop I was busily tweaking my MailScanner.conf yesterday. During that time one of the Action statements accidentally happened to "morph" into Spam Action: deliverheader ... where ... is (of course) the rest of the actions on that one. After a not too long while, I discovered the typo and rectified it. Messages where passingthrough (according to MailWatch), but never being delivered.... And in the logs, there were never any mention of the usual requeueing (sory, am 2home, so no log examples today). I started hunting around (in the postfix queues and in /var/spool/MailScanner/*) but couldn't find any trace of them. Did I just deliver those into the bit-bucket? I've been running MailScanner --lint extensively, also when the error was there, but it never ever gave any indication that anything was wrong... Does the lint try these with just a plain --lint, or do I need use any of the other new (and as of yet untried, by me) options? And now you all know why I'm "Le Grand Typo":-) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From mrm at medicine.wisc.edu Fri Feb 3 19:57:20 2006 From: mrm at medicine.wisc.edu (Michael Masse) Date: Fri Feb 3 19:58:06 2006 Subject: Blocking spam based on from address Message-ID: I'm using the latest release of MS and SA with sendmail 8.13 as the MTA setup as a relay to a Groupwise system. I'm having a big problem with spam that bogusly claims to come from within my own domain either via the envope sender or header sender or both. SA flags most of these as spam just fine, but the problem is that GW ignores the x-spam-status flag if the sender claims to be within your own domain and does not automatically move it to the junkmail folder. This is obviously a Groupwise problem that many people have complained to Novell about and they claim to be working on it, but that does no good for right now. Since we are using MS as a relay there is never a case where mail destined to a user within our domain will ever be from another user within our domain because that all happens internally within Groupwise. The only email that goes through MS that truthfully has a from address of our domain is outgoing email. Since MS calls sendmail, can MS tell sendmail to drop all email claiming to come from our domain unless it actually is, or is this something that I have to do at the MTA level? I really don't want to do reverse dns lookups for everything, because the only emails I'm concerned about are the ones claiming to come from within. I am already having sendmail block all bogus HELO's which claim to be the same DNS name as the MS machine. I know this isn't RFC compliant but after a couple months of dropping a few thousand spams per day with not a single complaint about it I'm pretty happy with it since I don't have to waste CPU cycles on processing them. I'd like to do something similar with the bogus from address emails, but am not sure if this is a MS or MTA issue. As a last resort, is it possible to have MS change the from address if the original from address is our domain and it gets flagged as spam? That would still cause the email to have to be processed completely, but would at least bypass the stupid Groupwise issue of ignoring the x-spam-status flag in the header because of a known domain name. Mike From Kevin_Miller at ci.juneau.ak.us Fri Feb 3 20:04:56 2006 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Fri Feb 3 20:05:00 2006 Subject: Blocking spam based on from address Message-ID: Michael Masse wrote: > I'm using the latest release of MS and SA with sendmail 8.13 as the > MTA setup as a relay to a Groupwise system. I'm having a big > problem with spam that bogusly claims to come from within my own > domain either via the envope sender or header sender or both. SA Have you set up SPF? That may help with some of that... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From glenn.steen at gmail.com Fri Feb 3 20:28:24 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Feb 3 20:28:28 2006 Subject: Blocking spam based on from address In-Reply-To: References: Message-ID: <223f97700602031228p76dbe726g@mail.gmail.com> On 03/02/06, Kevin Miller wrote: > Michael Masse wrote: > > I'm using the latest release of MS and SA with sendmail 8.13 as the > > MTA setup as a relay to a Groupwise system. I'm having a big > > problem with spam that bogusly claims to come from within my own > > domain either via the envope sender or header sender or both. SA > > Have you set up SPF? That may help with some of that... > > ?m no sendmail guru, but this is pretty easy to implement in Postfix You do so with adequate sender restrictions (that check that the bozos don't use your addresses) and helo restrictions (again, check you get a fqdn or "literal IP address", and that neither are yours. Even if this might bend the letter of the RFCs it's OK (I'm to tired to remember what would be the point of allowing them to helo with your fqdn/ip). Only spammers/viruses do this. I've been using such restrictions for quite some time now, no ill effects. And combine that with just accepting mails destined to real email addresses, and you?ll be fine. I can provide some examples (come monday) upon request. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From lbcadmin at gmail.com Fri Feb 3 21:44:55 2006 From: lbcadmin at gmail.com (Information Services) Date: Fri Feb 3 21:44:59 2006 Subject: Limit the number of days Message-ID: I am using the default location for MailScanner to archive mail: /var/spool/MailScanner/archive. I see that MailScanner keeps about 90 days before it starts deleting the archived mail. Where would I find the setting to change it to maintain even less days before it starts to delete? -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060203/818046aa/attachment.html From res at ausics.net Fri Feb 3 22:43:03 2006 From: res at ausics.net (Res) Date: Fri Feb 3 22:43:09 2006 Subject: New speed benchmark In-Reply-To: <456CF431-DE8D-45DC-8E63-FD04864BB95C@ecs.soton.ac.uk> References: <443FEE3F-9EA1-46F7-88C8-A79D4FC67F24@ecs.soton.ac.uk> <1A926F82-A002-4985-854C-8FD97EA99898@ecs.soton.ac.uk> <43E22B7B.3000809@pixelhammer.com> <456CF431-DE8D-45DC-8E63-FD04864BB95C@ecs.soton.ac.uk> Message-ID: On Fri, 3 Feb 2006, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > > On 3 Feb 2006, at 10:36, Res wrote: > >> On Thu, 2 Feb 2006, DAve wrote: >> >>> Julian Field wrote: >>>> -----BEGIN PGP SIGNED MESSAGE----- >>>> I forgot to add the MTA is sendmail >>>> On 2 Feb 2006, at 14:59, Julian Field wrote: >>>>>> Old Signed: 02/02/06 at 14:59:40 >>>>> I have just done a speed test. >>>>> Hardware: dual Opteron, 4Gb RAM, SCSI disk. >>>>> Software: RHEL4, MailScanner 4.50, SpamAssassin, DCC, Razor, >>>>> clamavmodule >>>>> MailScanner setup: default >>>>> Speed: 770,000 messages per day >>> >>> What happens at 780,000 messages a day? >>> >> >> and at what loads > > Maintained about 10 which is what I would expect. 10? I hope to hell its on a 15 yo 5400 rpm ide thats only 8 msgs a second, we easily do more than that on dual xeon 2 gig ram with qmail and qmailscan and the load avgs constant 2-2.5 looks like i wont be trying to intergrate MS with our qmail servers, prolly a good idea since nobody has clear intructions on how to install with qmail anyway Still happy to use it on our sendmail boxes tho :) > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.4 (Build 4042) > > iQEVAwUBQ+M5OPw32o+k+q+hAQFMhggAkbE3ehk4UG3MHsz0wcRHi0Vof/XWqhsd > WUTBEsXtRVvx9ZshsLDHRWYX70P6u5VBChqiQKfGBUL/kYO69m44jO3Q189aOZgz > Xp8jSy5ly6OzAHXxCmHD22nyk2pdYuPI8Pkr59lK+r8CMh45rCqX7i4h4uIRfz8v > vIaLMsmmoeHFkcQBH+jMg5x2HlHVosWC+WnIjpQytU9K9ggEIKY92vnU+nN41j8P > FRTF07CFIjkoyYDWPr5rbquY1e1z+MyZ6QYQwFYWW+jxCfOFPHfwIMfTs6JQzzUL > GisT0NSjzSZ3KEIVeTQnma9J1oWFH5d3hN7VDYmOutlGoPn9+MBfDA== > =oUO7 > -----END PGP SIGNATURE----- > > -- Cheers Res From carl.andrews at crackerbarrel.com Fri Feb 3 23:11:44 2006 From: carl.andrews at crackerbarrel.com (Carl Andrews) Date: Fri Feb 3 23:12:50 2006 Subject: http://cme.mitre.org/index.html In-Reply-To: <43DA91F8.6080809@ecs.soton.ac.uk> References: <01ee01c62384$212adbf0$6500a8c0@kdinet.local> <43DA91F8.6080809@ecs.soton.ac.uk> Message-ID: <43E3E330.4070006@crackerbarrel.com> I just ran across this site and thought others on this list might find it useful. With all of the different AV engines we use, it is nice to see a place where all of the different names/aliases for each are identified. http://cme.mitre.org/index.html From lhaig at haigmail.com Fri Feb 3 23:21:24 2006 From: lhaig at haigmail.com (Lance Haig) Date: Fri Feb 3 23:21:34 2006 Subject: How does one downgrade? In-Reply-To: <43E282B4.5010201@ecs.soton.ac.uk> References: <43E25ED9.5090103@haigmail.com> <43E282B4.5010201@ecs.soton.ac.uk> Message-ID: <43E3E574.6070605@haigmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Julian, I will give you direct access to the box if that would make things easier? Lance Julian Field wrote: > I would be very interested to work through your problems with 4.50 when > you have time. > > Lance Haig wrote: > I am having quite a time with the upgrade to 4.50.14 > > I get loads of dependency problems and a 15 characters text e-mail is > taking 20 plus seconds to work through the system. > > The system performed much better on 4.49.X for me. > > I need to go back to the system before I upgraded as it has been two > days now and the delay is quite bad. > > DO I just rename all the old directories and file to their original > names and all is ok? > > What files must I make sure to rename? > > Thanks Guys > > Lance -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFD4+V0M4kHBIBZ61gRAl7jAJ9bViunmgkSsB+iISGc3t0vM3sY3ACfcEXh PA5KTvrsHlBKjmOsauIBoJI= =Pr2I -----END PGP SIGNATURE----- From shuttlebox at gmail.com Fri Feb 3 23:35:26 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Fri Feb 3 23:35:29 2006 Subject: Limit the number of days In-Reply-To: References: Message-ID: <625385e30602031535hecad00dh35c0c7aebcfa7be4@mail.gmail.com> On 2/3/06, Information Services wrote: > > I am using the default location for MailScanner to archive mail: > /var/spool/MailScanner/archive. > I see that MailScanner keeps about 90 days before it starts deleting the > archived mail. Where would I find the setting to change it to maintain even > less days before it starts to delete? > Look in /etc/cron.daily, you will find a script called cleanquarantine.pl or similar (I'm not at work now). Inside it you have a setting for number of days to keep. -- /peter -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060204/f19fb79f/attachment.html From shuttlebox at gmail.com Fri Feb 3 23:38:09 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Fri Feb 3 23:38:13 2006 Subject: New speed benchmark In-Reply-To: References: <443FEE3F-9EA1-46F7-88C8-A79D4FC67F24@ecs.soton.ac.uk> <1A926F82-A002-4985-854C-8FD97EA99898@ecs.soton.ac.uk> <43E22B7B.3000809@pixelhammer.com> <456CF431-DE8D-45DC-8E63-FD04864BB95C@ecs.soton.ac.uk> Message-ID: <625385e30602031538i12bcca4ao89307c037d002dc2@mail.gmail.com> On 2/3/06, Res wrote: > > 10? I hope to hell its on a 15 yo 5400 rpm ide > > thats only 8 msgs a second, we easily do more than that on dual xeon 2 > gig ram with qmail and qmailscan and the load avgs constant 2-2.5 > > looks like i wont be trying to intergrate MS with our qmail servers, > prolly a good idea since nobody has clear intructions on how to > install with qmail anyway > > Still happy to use it on our sendmail boxes tho :) > Is that with SA or just virus checking? I find that SA with all its network checks adds a lot more time than the virus scan. -- /peter -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060204/d609e5e7/attachment-0001.html From glenn.steen at gmail.com Sat Feb 4 00:05:41 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Sat Feb 4 00:05:47 2006 Subject: New speed benchmark In-Reply-To: <625385e30602031538i12bcca4ao89307c037d002dc2@mail.gmail.com> References: <443FEE3F-9EA1-46F7-88C8-A79D4FC67F24@ecs.soton.ac.uk> <1A926F82-A002-4985-854C-8FD97EA99898@ecs.soton.ac.uk> <43E22B7B.3000809@pixelhammer.com> <456CF431-DE8D-45DC-8E63-FD04864BB95C@ecs.soton.ac.uk> <625385e30602031538i12bcca4ao89307c037d002dc2@mail.gmail.com> Message-ID: <223f97700602031605j3fdd1f28j@mail.gmail.com> On 04/02/06, shuttlebox wrote: > On 2/3/06, Res wrote: > > 10? I hope to hell its on a 15 yo 5400 rpm ide > > > > thats only 8 msgs a second, we easily do more than that on dual xeon 2 > > gig ram with qmail and qmailscan and the load avgs constant 2-2.5 > > > > looks like i wont be trying to intergrate MS with our qmail servers, > > prolly a good idea since nobody has clear intructions on how to > > install with qmail anyway > > > > Still happy to use it on our sendmail boxes tho :) > > > > Is that with SA or just virus checking? I find that SA with all its network > checks adds a lot more time than the virus scan. > Not to mention long IO waits that "synthetically" increase load (lots of state D processes). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From alex at nkpanama.com Sat Feb 4 04:30:24 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Sat Feb 4 04:30:42 2006 Subject: sendmail greet_pause feature In-Reply-To: <1f8fae340602020153i1a1b061h@mail.gmail.com> References: <5EBABD62DC5AC048AD8AEC3312E02D4CCD2F5F@exchange03.lkl.ltkalmar.se> <023301c62719$f6c921c0$0600a8c0@roger> <20060201161203.M49950@smi.com.pe> <1f8fae340602020153i1a1b061h@mail.gmail.com> Message-ID: <43E42DE0.7010401@nkpanama.com> Is there any way to run a check during install or upgrade to make sure, and then set it (or give a warning)? Maybe it could get incorporated into the next release. Will McDonald wrote: > On 01/02/06, Julian Field wrote: > > >> On Linux, sendmail 8.13 and upwards needs posix, anything before 8.13 >> needs flock. >> > > Is locking autodetecting, if you see what I mean? In the > MailScanner.conf it says... > > # How to lock spool files. > # Don't set this unless you *know* you need to. > # For sendmail, it defaults to "flock". > # For sendmail 8.13 onwards, you will probably need to change it to posix. > # For Exim, it defaults to "posix". > # No other type is implemented. > Lock Type = > > Does MailScanner *know* I'm running 8.13 or should I force posix locking? > > Will. > -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060203/deee4893/attachment.html From res at ausics.net Sat Feb 4 05:39:14 2006 From: res at ausics.net (Res) Date: Sat Feb 4 05:39:23 2006 Subject: New speed benchmark In-Reply-To: <625385e30602031538i12bcca4ao89307c037d002dc2@mail.gmail.com> References: <443FEE3F-9EA1-46F7-88C8-A79D4FC67F24@ecs.soton.ac.uk> <1A926F82-A002-4985-854C-8FD97EA99898@ecs.soton.ac.uk> <43E22B7B.3000809@pixelhammer.com> <456CF431-DE8D-45DC-8E63-FD04864BB95C@ecs.soton.ac.uk> <625385e30602031538i12bcca4ao89307c037d002dc2@mail.gmail.com> Message-ID: On Sat, 4 Feb 2006, shuttlebox wrote: > Is that with SA or just virus checking? I find that SA with all its > network checks adds a lot more time than the virus scan. With SA it loads to 4 but it gave us too many false alarms so we disabled it, even when we ran it we disabled most checks, the only thing it did was indicate spam content, we use qmail and sendmail to test RBL's etc, no point in accepting the full msg passing it to MS to reject/drop when we can reject on header only at MTA But qmailscan has a bad habbit of not being able to handle alot of stuff gracefully, which is why I was after a clear cut guide on how to install MS on a qmail system, because until the sendmail consortium can produce a copy of sendmail that works identical to qmail in relation to like with vpopmail for virtuals there is no beating that combination, be it for visp's or hosting. -- /peter -- Cheers Res From glenn.steen at gmail.com Sat Feb 4 10:17:04 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Sat Feb 4 10:17:08 2006 Subject: New speed benchmark In-Reply-To: References: <443FEE3F-9EA1-46F7-88C8-A79D4FC67F24@ecs.soton.ac.uk> <1A926F82-A002-4985-854C-8FD97EA99898@ecs.soton.ac.uk> <43E22B7B.3000809@pixelhammer.com> <456CF431-DE8D-45DC-8E63-FD04864BB95C@ecs.soton.ac.uk> <625385e30602031538i12bcca4ao89307c037d002dc2@mail.gmail.com> Message-ID: <223f97700602040217t77e23cd6k@mail.gmail.com> On 04/02/06, Res wrote: > On Sat, 4 Feb 2006, shuttlebox wrote: > > > Is that with SA or just virus checking? I find that SA with all its > > network checks adds a lot more time than the virus scan. > > With SA it loads to 4 but it gave us too many false alarms so we disabled > it, even when we ran it we disabled most checks, the only thing it did > was indicate spam content, we use qmail and sendmail to test RBL's etc, no > point in accepting the full msg passing it to MS to reject/drop when we > can reject on header only at MTA That in the greater part explains the difference in load avgs. Not that I know exactly what network tests Jules ran in this case, but your low figures are simply due to you not doing 1) SA, and 2) SAs BL lookups. As mentioned, these two tend to add some "real" load and (in the latter case) significant "unreal" load;-). > But qmailscan has a bad habbit of not being able to handle alot of stuff > gracefully, which is why I was after a clear cut guide on how to install > MS on a qmail system, because until the sendmail consortium can produce a > copy of sendmail that works identical to qmail in relation to like with > vpopmail for virtuals there is no beating that combination, be it for > visp's or hosting. Did someone mention postfix ....:-):-) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From bpumphrey at WoodMacLaw.com Fri Feb 3 16:17:34 2006 From: bpumphrey at WoodMacLaw.com (Billy A. Pumphrey) Date: Sat Feb 4 11:03:10 2006 Subject: OT: Win32/Mywife.E@mm Message-ID: <04D932B0071FE34FA63EBB1977B48D15C2B93D@woodenex.woodmaclaw.local> Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: image/gif Size: 73 bytes Desc: image001.gif Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060203/9cdfaddc/attachment-0001.gif From ius at rbrana.co.id Sat Feb 4 04:46:22 2006 From: ius at rbrana.co.id (ius) Date: Sat Feb 4 11:03:31 2006 Subject: DCC failure Message-ID: <43E4319E.8050301@rbrana.co.id> Dear mailscanner, I got this error messages when do the spamassassin -D --lint -p /etc/MailScanner/spam.assassin.prefs.conf. My DCC installed properly and placed where it should be [7934] warn: config: failed to parse line, skipping: dcc_path /usr/local/bin/dccproc [7934] warn: config: failed to parse line, skipping: dcc_home /var/dcc Does anyone know what it is ? why this happening ? Thanks alot ius -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Sat Feb 4 11:11:55 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Feb 4 11:11:55 2006 Subject: Blocking spam based on from address In-Reply-To: References: Message-ID: <43E48BFB.7060900@ecs.soton.ac.uk> Michael Masse wrote: > Since we are using MS as a relay there is never a case where mail > destined to a user within our domain will ever be from another user > within our domain because that all happens internally within Groupwise. > The only email that goes through MS that truthfully has a from address > of our domain is outgoing email. Since MS calls sendmail, can MS tell > sendmail to drop all email claiming to come from our domain unless it > actually is, or is this something that I have to do at the MTA level? > You could use a ruleset for "Reject Message" saying something like From: yourdomain.com and 152.67. no FromOrTo: default yes That way only mail whose sender is user@yourdomain.com and comes from the 152.67. network is allowed through. All other mail is rejected with a nice polite message. You could better apply this ruleset is "Is High Scoring Spam" instead so that you can just drop it with a "delete" action rather than send a bounce message, which is very bad practice. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Sat Feb 4 11:17:59 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Feb 4 11:18:00 2006 Subject: New speed benchmark In-Reply-To: References: <443FEE3F-9EA1-46F7-88C8-A79D4FC67F24@ecs.soton.ac.uk> <1A926F82-A002-4985-854C-8FD97EA99898@ecs.soton.ac.uk> <43E22B7B.3000809@pixelhammer.com> <456CF431-DE8D-45DC-8E63-FD04864BB95C@ecs.soton.ac.uk> Message-ID: <43E48D67.8080205@ecs.soton.ac.uk> Res wrote: > On Fri, 3 Feb 2006, Julian Field wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- >> >> >> On 3 Feb 2006, at 10:36, Res wrote: >> >>> On Thu, 2 Feb 2006, DAve wrote: >>> >>>> Julian Field wrote: >>>>> -----BEGIN PGP SIGNED MESSAGE----- >>>>> I forgot to add the MTA is sendmail >>>>> On 2 Feb 2006, at 14:59, Julian Field wrote: >>>>>>> Old Signed: 02/02/06 at 14:59:40 >>>>>> I have just done a speed test. >>>>>> Hardware: dual Opteron, 4Gb RAM, SCSI disk. >>>>>> Software: RHEL4, MailScanner 4.50, SpamAssassin, DCC, Razor, >>>>>> clamavmodule >>>>>> MailScanner setup: default >>>>>> Speed: 770,000 messages per day >>>> >>>> What happens at 780,000 messages a day? >>>> >>> >>> and at what loads >> >> Maintained about 10 which is what I would expect. > > 10? I hope to hell its on a 15 yo 5400 rpm ide > > thats only 8 msgs a second, we easily do more than that on dual xeon 2 > gig ram with qmail and qmailscan and the load avgs constant 2-2.5 Not wanting to start a flame war, but does qmailscan do all the HTML analysis and phishing detection and all the extras you get with MailScanner? It's far from just being an av wrapper bolted to SpamAssassin. If I ran it as that, I would get far more messages per second too. I was running on a default setup, which has all features switched on. I was trying to produce a useful figure, not a marketing FUD benchmark. A load average of 10 is totally acceptable, please read up on what it actually means, it's not an indicator of CPU load. :-) However, I agree with you on the qmail support for MailScanner. There is a company that does all that, I leave them to it as I have never much liked qmail anyway ;) ;) -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Sat Feb 4 11:27:21 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Feb 4 11:27:21 2006 Subject: New speed benchmark In-Reply-To: <223f97700602040217t77e23cd6k@mail.gmail.com> References: <443FEE3F-9EA1-46F7-88C8-A79D4FC67F24@ecs.soton.ac.uk> <1A926F82-A002-4985-854C-8FD97EA99898@ecs.soton.ac.uk> <43E22B7B.3000809@pixelhammer.com> <456CF431-DE8D-45DC-8E63-FD04864BB95C@ecs.soton.ac.uk> <625385e30602031538i12bcca4ao89307c037d002dc2@mail.gmail.com> <223f97700602040217t77e23cd6k@mail.gmail.com> Message-ID: <43E48F99.6090508@ecs.soton.ac.uk> Glenn Steen wrote: > On 04/02/06, Res wrote: > >> On Sat, 4 Feb 2006, shuttlebox wrote: >> >> >>> Is that with SA or just virus checking? I find that SA with all its >>> network checks adds a lot more time than the virus scan. >>> >> With SA it loads to 4 but it gave us too many false alarms so we disabled >> it, even when we ran it we disabled most checks, the only thing it did >> was indicate spam content, we use qmail and sendmail to test RBL's etc, no >> point in accepting the full msg passing it to MS to reject/drop when we >> can reject on header only at MTA >> > > That in the greater part explains the difference in load avgs. Not > that I know exactly what network tests Jules ran in this case, but > your low figures are simply due to you not doing 1) SA, and 2) SAs BL > lookups. As mentioned, these two tend to add some "real" load and (in > the latter case) significant "unreal" load;-). > No RBLs in MailScanner, but with SpamAssassin, DCC and Razor. 1 virus scanner. No rules_du_jour but just the rules that come supplied with SpamAssassin 3.1. Basically a default install of MailScanner 4.50, i.e. everything switched on. The only things I added were SA3.1, DCC and Razor. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Sat Feb 4 11:30:16 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Feb 4 11:30:15 2006 Subject: DCC failure In-Reply-To: <43E4319E.8050301@rbrana.co.id> References: <43E4319E.8050301@rbrana.co.id> Message-ID: <43E49048.2010204@ecs.soton.ac.uk> If you didn't use my easy-installation Clam+SA package, you won't know that you need to edit a particular file. It is often found in /etc/mail/spamassassin/init.pre. You need to uncomment the DCC line. If you want to use the SURBL plugins and various useful tools like that, you will need to add some extra lines to load these plugins. My script does all this stuff for you, and tells you what to edit and what to do. :-) ius wrote: > Dear mailscanner, > > I got this error messages when do the spamassassin -D --lint -p > /etc/MailScanner/spam.assassin.prefs.conf. My DCC installed properly > and placed where it should be > > [7934] warn: config: failed to parse line, skipping: dcc_path > /usr/local/bin/dccproc > [7934] warn: config: failed to parse line, skipping: dcc_home /var/dcc > > Does anyone know what it is ? why this happening ? > > Thanks alot > ius > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From drew at themarshalls.co.uk Sat Feb 4 12:11:31 2006 From: drew at themarshalls.co.uk (Drew Marshall) Date: Sat Feb 4 12:11:43 2006 Subject: New speed benchmark In-Reply-To: <223f97700602040217t77e23cd6k@mail.gmail.com> References: <443FEE3F-9EA1-46F7-88C8-A79D4FC67F24@ecs.soton.ac.uk> <1A926F82-A002-4985-854C-8FD97EA99898@ecs.soton.ac.uk> <43E22B7B.3000809@pixelhammer.com> <456CF431-DE8D-45DC-8E63-FD04864BB95C@ecs.soton.ac.uk> <625385e30602031538i12bcca4ao89307c037d002dc2@mail.gmail.com> <223f97700602040217t77e23cd6k@mail.gmail.com> Message-ID: <7DAF7873-6D47-49C4-B3E1-25E9B79BD6F7@themarshalls.co.uk> On 4 Feb 2006, at 10:17, Glenn Steen wrote: > > Did someone mention postfix ....:-):-) That's fighting talk in some lists :-) (But I am biased ;-) ) Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From pete at enitech.com.au Sat Feb 4 12:13:55 2006 From: pete at enitech.com.au (Pete Russell) Date: Sat Feb 4 12:14:41 2006 Subject: New speed benchmark In-Reply-To: <43E48F99.6090508@ecs.soton.ac.uk> References: <443FEE3F-9EA1-46F7-88C8-A79D4FC67F24@ecs.soton.ac.uk> <1A926F82-A002-4985-854C-8FD97EA99898@ecs.soton.ac.uk> <43E22B7B.3000809@pixelhammer.com> <456CF431-DE8D-45DC-8E63-FD04864BB95C@ecs.soton.ac.uk> <625385e30602031538i12bcca4ao89307c037d002dc2@mail.gmail.com> <223f97700602040217t77e23cd6k@mail.gmail.com> <43E48F99.6090508@ecs.soton.ac.uk> Message-ID: <43E49A83.8030308@enitech.com.au> What was the content of the 770k of mail? EG 60%+ of spam and viruses? Many emails with attachements, nested zip files or anything? 770k completely different emails? Just curious. Thanks Pete Julian Field wrote: > > > Glenn Steen wrote: > >> On 04/02/06, Res wrote: >> >> >>> On Sat, 4 Feb 2006, shuttlebox wrote: >>> >>> >>> >>>> Is that with SA or just virus checking? I find that SA with all its >>>> network checks adds a lot more time than the virus scan. >>>> >>> >>> With SA it loads to 4 but it gave us too many false alarms so we >>> disabled >>> it, even when we ran it we disabled most checks, the only thing it did >>> was indicate spam content, we use qmail and sendmail to test RBL's >>> etc, no >>> point in accepting the full msg passing it to MS to reject/drop when we >>> can reject on header only at MTA >>> >> >> >> That in the greater part explains the difference in load avgs. Not >> that I know exactly what network tests Jules ran in this case, but >> your low figures are simply due to you not doing 1) SA, and 2) SAs BL >> lookups. As mentioned, these two tend to add some "real" load and (in >> the latter case) significant "unreal" load;-). >> > > No RBLs in MailScanner, but with SpamAssassin, DCC and Razor. > 1 virus scanner. No rules_du_jour but just the rules that come supplied > with SpamAssassin 3.1. > Basically a default install of MailScanner 4.50, i.e. everything > switched on. The only things I added were SA3.1, DCC and Razor. > From MailScanner at ecs.soton.ac.uk Sat Feb 4 12:20:35 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Feb 4 12:20:36 2006 Subject: New speed benchmark In-Reply-To: <43E49A83.8030308@enitech.com.au> References: <443FEE3F-9EA1-46F7-88C8-A79D4FC67F24@ecs.soton.ac.uk> <1A926F82-A002-4985-854C-8FD97EA99898@ecs.soton.ac.uk> <43E22B7B.3000809@pixelhammer.com> <456CF431-DE8D-45DC-8E63-FD04864BB95C@ecs.soton.ac.uk> <625385e30602031538i12bcca4ao89307c037d002dc2@mail.gmail.com> <223f97700602040217t77e23cd6k@mail.gmail.com> <43E48F99.6090508@ecs.soton.ac.uk> <43E49A83.8030308@enitech.com.au> Message-ID: <43E49C13.70802@ecs.soton.ac.uk> It was just a copy of our incoming email feed for a while, so it was a totally normal spread of everything. No point testing things on fiddled or generated mail. Pete Russell wrote: > What was the content of the 770k of mail? EG 60%+ of spam and viruses? > Many emails with attachements, nested zip files or anything? > > 770k completely different emails? > > Just curious. > Thanks > Pete > > Julian Field wrote: >> >> >> Glenn Steen wrote: >> >>> On 04/02/06, Res wrote: >>> >>> >>>> On Sat, 4 Feb 2006, shuttlebox wrote: >>>> >>>> >>>>> Is that with SA or just virus checking? I find that SA with all its >>>>> network checks adds a lot more time than the virus scan. >>>>> >>>> >>>> With SA it loads to 4 but it gave us too many false alarms so we >>>> disabled >>>> it, even when we ran it we disabled most checks, the only thing it >>>> did >>>> was indicate spam content, we use qmail and sendmail to test RBL's >>>> etc, no >>>> point in accepting the full msg passing it to MS to reject/drop >>>> when we >>>> can reject on header only at MTA >>>> >>> >>> >>> That in the greater part explains the difference in load avgs. Not >>> that I know exactly what network tests Jules ran in this case, but >>> your low figures are simply due to you not doing 1) SA, and 2) SAs BL >>> lookups. As mentioned, these two tend to add some "real" load and (in >>> the latter case) significant "unreal" load;-). >>> >> >> No RBLs in MailScanner, but with SpamAssassin, DCC and Razor. >> 1 virus scanner. No rules_du_jour but just the rules that come >> supplied with SpamAssassin 3.1. >> Basically a default install of MailScanner 4.50, i.e. everything >> switched on. The only things I added were SA3.1, DCC and Razor. >> -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mailscanner at mango.zw Sat Feb 4 13:27:13 2006 From: mailscanner at mango.zw (Jim Holland) Date: Sat Feb 4 13:31:55 2006 Subject: OT: Win32/Mywife.E@mm In-Reply-To: <04D932B0071FE34FA63EBB1977B48D15C2B93D@woodenex.woodmaclaw.local> Message-ID: Someone wrote: > > > Naturally as long as everything is up to date things should be ok. > > > People don't really know that a virus is going to happen before it does > > > do they? > > Only if the bug has a timer/date trigger in them. They get installed, > > then lie in wait, and BAM do nasty things later. Once detected early, > > we effectively reverse engineer the virus code, know that the virus will > > trigger in the future, thus know it's going to happen before. Once users > > update their scanning softs they can be assured the bug will be > > eradicated before they trigger. > > The media is a funny animal, they latch onto these bugs seemingly at > > random, spreading doom and gloom, when we techs know that new bugs are > > a daily occurrence, and are quickly and quietly squished by anti-virus > > community. Of course the media loves to hype these things, but I think that this was a valid case for some extra attention. Not only was the worm particularly destructive (just one single infected machine on a network could have destroyed all files in a shared folder on a file server that the machine had access to), but early copies did manage to get through the virus scanners and MailScanner itself. I have not come across that situation since the Bagle worm with its password-protected zip files. Because we log the attachments that are sent to users we were able to determine that 6 of our 2500 members had received copies of the virus in uuencoded form. One of those 6 then opened the attachment with WinZip and got infected as a result. Fortunately we were able to clean up their infection before Friday, so no damage was done. I think the media hype was a useful wakeup call to ordinary users to get them to update their antivirus software and to keep backups on separate media. Regards Jim Holland System Administrator MANGO - Zimbabwe's non-profit e-mail service From glenn.steen at gmail.com Sat Feb 4 14:01:14 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Sat Feb 4 14:01:18 2006 Subject: New speed benchmark In-Reply-To: <43E49C13.70802@ecs.soton.ac.uk> References: <443FEE3F-9EA1-46F7-88C8-A79D4FC67F24@ecs.soton.ac.uk> <456CF431-DE8D-45DC-8E63-FD04864BB95C@ecs.soton.ac.uk> <625385e30602031538i12bcca4ao89307c037d002dc2@mail.gmail.com> <223f97700602040217t77e23cd6k@mail.gmail.com> <43E48F99.6090508@ecs.soton.ac.uk> <43E49A83.8030308@enitech.com.au> <43E49C13.70802@ecs.soton.ac.uk> Message-ID: <223f97700602040601o45bd5e3bi@mail.gmail.com> On 04/02/06, Julian Field wrote: > It was just a copy of our incoming email feed for a while, so it was a > totally normal spread of everything. No point testing things on fiddled > or generated mail. > In that case I'd have to say it's a truly awe-inspiring benchmark. It would be _very_ interresting to hear what a similar test with Postfix, Exim and Zmailer (and Sendmail, of course) would give (preferably on the same stream of messages... "replaying" or four identical boxes...). I've nevere seen that type of statistic thats been reliable, it'd be a treat! BTW, Jules ... Could you, pretty please, look at my post about typos in actions? Or has that area been covered extensively before? -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From MailScanner at ecs.soton.ac.uk Sat Feb 4 14:56:57 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Feb 4 14:56:57 2006 Subject: New speed benchmark In-Reply-To: <223f97700602040601o45bd5e3bi@mail.gmail.com> References: <443FEE3F-9EA1-46F7-88C8-A79D4FC67F24@ecs.soton.ac.uk> <456CF431-DE8D-45DC-8E63-FD04864BB95C@ecs.soton.ac.uk> <625385e30602031538i12bcca4ao89307c037d002dc2@mail.gmail.com> <223f97700602040217t77e23cd6k@mail.gmail.com> <43E48F99.6090508@ecs.soton.ac.uk> <43E49A83.8030308@enitech.com.au> <43E49C13.70802@ecs.soton.ac.uk> <223f97700602040601o45bd5e3bi@mail.gmail.com> Message-ID: <43E4C0B9.4030905@ecs.soton.ac.uk> Glenn Steen wrote: > BTW, Jules ... Could you, pretty please, look at my post about typos > in actions? Or has that area been covered extensively before? > A patch for Message.pm is attached. Apply the patch with cd /usr/lib/MailScanner/MailScanner gunzip Message.pm.patch.gz patch < Message.pm.patch then restart MailScanner. It logs the error message to syslog and then adds the "deliver" action to whatever you have set, just for safety so that no message is dropped because of your typo. Due to the the list of spam actions is now parsed, as it has arbitrary strings (including possibly multiple spaces) for headers, and email addresses in it, it is no longer just a list of possible words. So it cannot be caught by --lint. So it can only be detected when it is called at run-time, hence the extra safety measure of adding the "deliver" action. Let me know how you get on. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- A non-text attachment was scrubbed... Name: Message.pm.patch.gz Type: application/x-gzip Size: 878 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060204/992ce3c9/Message.pm.patch.gz From w.halsall at farn-ct.ac.uk Sat Feb 4 15:11:05 2006 From: w.halsall at farn-ct.ac.uk (WILL HALSALL) Date: Sat Feb 4 15:11:34 2006 Subject: OT: but Sendmail experst please help In-Reply-To: References: Message-ID: Hi all, I had a test message from maps regarding open relays. Our sendmail will accept for deliver messages of the format but will not accept mail for deliver with format . could one of the sendmail experts please explain how to stop this? below is the telnet session Thanks WillH ehlo fcot5.farn-ct.ac.uk 220 fcot5.farn-ct.ac.uk ESMTP Sendmail 8.13.5/8.13.5; Sat, 4 Feb 2006 14:50:20 G MT 250-fcot5.farn-ct.ac.uk Hello [172.16.20.43], pleased to meet you 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-8BITMIME 250-SIZE 250-DSN 250-DELIVERBY 250 HELP 250 2.1.0 ... Sender ok rcpt to: 450 4.4.0 ... Relaying temporarily denied. Cannot reso lve PTR record for 172.16.20.43 rcpt to: 250 2.1.5 ... Recipient ok ********************************************************************** This e-mail and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this e-mail in error please notify Farnborough College of Technology. E-mail: postmaster@farn-ct.ac.uk ********************************************************************** -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From ucs_rat at shsu.edu Sat Feb 4 16:01:53 2006 From: ucs_rat at shsu.edu (Robert A. Thompson) Date: Sat Feb 4 16:01:59 2006 Subject: qf file left behind Message-ID: <1139068913.3230.113.camel@ra.thehouse.com> I searched through the list archive and found a post about mailscanner leaving qf files in the mqueue.in folder, however didn't see any response to it. Is anyone else noticing this? It is very rare under normal circumstances for us, however after adding a set of mail gateways in front of our primary mail server we decided to not virus scan or spam scan anything coming from those two servers. After adding a custom ruleset to "Spam Check =" we are able to replicate this at an extremely fast pace ( about 3 or 4 qf files a minute at least) and this is happening on all the servers in the setup. I'm willing to help troubleshoot and offer up any data needed to help with this but not sure what is needed or how to acquire it at the moment. Anyone have any thoughts? --Robert -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060204/df6b595e/attachment.html From MailScanner at ecs.soton.ac.uk Sat Feb 4 16:25:49 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Feb 4 16:26:32 2006 Subject: New speed benchmark -- just virus scanning In-Reply-To: References: <443FEE3F-9EA1-46F7-88C8-A79D4FC67F24@ecs.soton.ac.uk> <1A926F82-A002-4985-854C-8FD97EA99898@ecs.soton.ac.uk> <43E22B7B.3000809@pixelhammer.com> <456CF431-DE8D-45DC-8E63-FD04864BB95C@ecs.soton.ac.uk> Message-ID: <43E4D58D.4000809@ecs.soton.ac.uk> Res wrote: > On Fri, 3 Feb 2006, Julian Field wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> >> On 3 Feb 2006, at 10:36, Res wrote: >>> On Thu, 2 Feb 2006, DAve wrote: >>>> Julian Field wrote: >>>>> -----BEGIN PGP SIGNED MESSAGE----- >>>>> I forgot to add the MTA is sendmail >>>>> On 2 Feb 2006, at 14:59, Julian Field wrote: >>>>>>> Old Signed: 02/02/06 at 14:59:40 >>>>>> I have just done a speed test. >>>>>> Hardware: dual Opteron, 4Gb RAM, SCSI disk. >>>>>> Software: RHEL4, MailScanner 4.50, SpamAssassin, DCC, Razor, >>>>>> clamavmodule >>>>>> MailScanner setup: default >>>>>> Speed: 770,000 messages per day > > 10? I hope to hell its on a 15 yo 5400 rpm ide > > thats only 8 msgs a second, we easily do more than that on dual xeon 2 > gig ram with qmail and qmailscan and the load avgs constant 2-2.5 > > looks like i wont be trying to intergrate MS with our qmail servers, > prolly a good idea since nobody has clear intructions on how to > install with qmail anyway > > Still happy to use it on our sendmail boxes tho :) As a comparison with qmailscan, I ran MailScanner with just the Virus Scanning turned on, and all the spam checks and dangerous HTML checks switched off. So just as a virus scanner it managed Hardware: dual Opteron, 4Gb RAM, SCSI disk. Software: RHEL4, MailScanner 4.50 MailScanner setup: Virus scanning only Speed: 4,700,000 messages per day = 55 messages per second Can qmailscan beat that? -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Sat Feb 4 16:28:10 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Feb 4 16:28:18 2006 Subject: qf file left behind In-Reply-To: <1139068913.3230.113.camel@ra.thehouse.com> References: <1139068913.3230.113.camel@ra.thehouse.com> Message-ID: <43E4D61A.5080708@ecs.soton.ac.uk> Robert A. Thompson wrote: > I searched through the list archive and found a post about mailscanner > leaving qf files in the mqueue.in folder, however didn't see any > response to it. Is anyone else noticing this? It is very rare under > normal circumstances for us, however after adding a set of mail > gateways in front of our primary mail server we decided to not virus > scan or spam scan anything coming from those two servers. After > adding a custom ruleset to "Spam Check =" we are able to replicate > this at an extremely fast pace ( about 3 or 4 qf files a minute at > least) and this is happening on all the servers in the setup. > > I'm willing to help troubleshoot and offer up any data needed to help > with this but not sure what is needed or how to acquire it at the > moment. Anyone have any thoughts? My best guess would be the Lock Type setting. If you are on Linux running sendmail 8.12 or older, you need to set Lock Type = flock, as it will use posix by default with sendmail. This is a change to previous versions, most of my users run 8.13 on Linux so the default is set for them so it is correct for most people. But yours may be wrong. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ucs_rat at shsu.edu Sat Feb 4 16:47:17 2006 From: ucs_rat at shsu.edu (Robert A. Thompson) Date: Sat Feb 4 16:47:21 2006 Subject: qf file left behind References: <1139068913.3230.113.camel@ra.thehouse.com> <43E4D61A.5080708@ecs.soton.ac.uk> Message-ID: > My best guess would be the Lock Type setting. If you are on Linux running > sendmail 8.12 or older, you need to set Lock Type = flock, as it will use > posix by default with sendmail. This is a change to previous versions, > most of my users run 8.13 on Linux so the default is set for them so it is > correct for most people. But yours may be wrong. appears to be a good guess (Thanks Julian). I've started tweaking with the locking and so far so good. In our case, I set it to posix. We are running rhel4 with sendmail 8.13 and mailscanner 4.49 (fixing to go to 50). We hadn't set any settings on lock type, but setting to posix and restarting appears to be doing the trick. (still early though) --Robert From glenn.steen at gmail.com Sat Feb 4 16:47:39 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Sat Feb 4 16:47:43 2006 Subject: New speed benchmark In-Reply-To: <43E4C0B9.4030905@ecs.soton.ac.uk> References: <443FEE3F-9EA1-46F7-88C8-A79D4FC67F24@ecs.soton.ac.uk> <625385e30602031538i12bcca4ao89307c037d002dc2@mail.gmail.com> <223f97700602040217t77e23cd6k@mail.gmail.com> <43E48F99.6090508@ecs.soton.ac.uk> <43E49A83.8030308@enitech.com.au> <43E49C13.70802@ecs.soton.ac.uk> <223f97700602040601o45bd5e3bi@mail.gmail.com> <43E4C0B9.4030905@ecs.soton.ac.uk> Message-ID: <223f97700602040847y6ecf984al@mail.gmail.com> On 04/02/06, Julian Field wrote: > Glenn Steen wrote: > > BTW, Jules ... Could you, pretty please, look at my post about typos > > in actions? Or has that area been covered extensively before? > > > A patch for Message.pm is attached. Apply the patch with > > cd /usr/lib/MailScanner/MailScanner > gunzip Message.pm.patch.gz > patch < Message.pm.patch > > then restart MailScanner. > > It logs the error message to syslog and then adds the "deliver" action > to whatever you have set, just for safety so that no message is dropped > because of your typo. > > Due to the the list of spam actions is now parsed, as it has arbitrary > strings (including possibly multiple spaces) for headers, and email > addresses in it, it is no longer just a list of possible words. So it > cannot be caught by --lint. > > So it can only be detected when it is called at run-time, hence the > extra safety measure of adding the "deliver" action. > > Let me know how you get on. > Will apply it come monday! Thanks! Thought that might be why, and ... dreaded... that would be the effect. Oh well. Checks in the logs and comparisons to the final destinations show that during the short while it was wrong, I dropped approximately 350 messages... Boy, do I feel the fool (I'll need use a brown paper bag for several weeks, I know:-). Of all those mails, 1 (one!) was asked about... So what were the rest? Mostly "crucial market data and analysis"... Not spam though, the real deal. My users get way to much mail/head to be able to read them all, not to mention miss any.. My fat fingers only saving grace:-) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From MailScanner at ecs.soton.ac.uk Sat Feb 4 17:03:10 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Feb 4 17:03:10 2006 Subject: qf file left behind In-Reply-To: References: <1139068913.3230.113.camel@ra.thehouse.com> <43E4D61A.5080708@ecs.soton.ac.uk> Message-ID: <43E4DE4E.9050201@ecs.soton.ac.uk> Robert A. Thompson wrote: >> My best guess would be the Lock Type setting. If you are on Linux running >> sendmail 8.12 or older, you need to set Lock Type = flock, as it will use >> posix by default with sendmail. This is a change to previous versions, >> most of my users run 8.13 on Linux so the default is set for them so it is >> correct for most people. But yours may be wrong. >> > > appears to be a good guess (Thanks Julian). I've started tweaking with > the locking and so far so good. In our case, I set it to posix. We are > running rhel4 with sendmail 8.13 and mailscanner 4.49 (fixing to go to > 50). We hadn't set any settings on lock type, but setting to posix and > restarting appears to be doing the trick. (still early though) > sendmail 8.13 on Linux is the classic one that always needs to be posix. This has become the default in MailScanner 4.50. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From brad at beckenhauer.com Sat Feb 4 17:48:05 2006 From: brad at beckenhauer.com (Brad Beckenhauer) Date: Sat Feb 4 17:48:16 2006 Subject: MailScanner --lint & MS 4.50-15 Message-ID: Hi Julian, Running MS 4.50-15 using the tarball install and using Postfix The system is running ok and email is processing normally. My system is more leading/bleeding edge and I get an interesting perl message when running "MailScanner --lint" that I just wanted to show to you. Since I'm more of a novice at perl, I think this is due to the more recent perl version I'm running and so I'm sending this in case it will be useful to you (or not). Anyway, here's some output for you. [root@mail bin]# ./MailScanner --lint Read 709 hostnames from the phishing whitelist Config: calling custom init function IPBlock Could not use Custom Function code MailScanner::CustomConfig::InitIPBlock, it could not be "eval"ed. Make sure the module is correct with perl -wc at /opt/MailScanner/lib/MailScanner/Config.pm line 803 Cannot write pid file , No such file or directory at ./MailScanner line 1238 MailScanner setting GID to (73) MailScanner setting UID to (73) Checking for SpamAssassin errors (if you use it)... Using SpamAssassin results cache Connected to SpamAssassin cache database SpamAssassin reported no errors. MailScanner.conf says "Virus Scanners = clamav bitdefender mcafee" Found these virus scanners installed: bitdefender, clamavmodule, mcafee [root@mail bin]# perl -wc /opt/MailScanner/lib/MailScanner/CustomConfig.pm Unquoted string "hostname" may clash with future reserved word at /opt/MailScanner/lib/MailScanner/CustomConfig.pm line 300. Parameterless "use IO" deprecated at /opt/MailScanner/lib/MailScanner/CustomConfig.pm line 749 "my" variable $LimitsH masks earlier declaration in same scope at /opt/MailScanner/lib/MailScanner/CustomConfig.pm line 796. Use of implicit split to @_ is deprecated at /opt/MailScanner/lib/MailScanner/CustomConfig.pm line 822. Use of implicit split to @_ is deprecated at /opt/MailScanner/lib/MailScanner/CustomConfig.pm line 838. /opt/MailScanner/lib/MailScanner/CustomConfig.pm syntax OK [root@mail bin]# perl --version This is perl, v5.8.7 built for i686-linux-thread-multi (with 1 registered patch, see perl -V for more detail) [root@mail bin]# perl -V Summary of my perl5 (revision 5 version 8 subversion 7) configuration: Platform: osname=linux, osvers=2.6.14-arch, archname=i686-linux-thread-multi uname='linux earth 2.6.14-arch #1 smp preempt sat dec 17 14:46:38 pst 2005 i686 amd athlon(tm) processor authenticamd gnulinux ' config_args='-des -Dprefix=/usr -Dinstallprefix=/usr -Dman1dir=/usr/man/man1 -Dman3dir=/usr/man/man3 -Doptimize=-march=i686 -O2 -pipe -Dusethreads' hint=recommended, useposix=true, d_sigaction=define usethreads=define use5005threads=undef useithreads=define usemultiplicity=define useperlio=define d_sfio=undef uselargefiles=define usesocks=undef use64bitint=undef use64bitall=undef uselongdouble=undef usemymalloc=n, bincompat5005=undef Compiler: cc='cc', ccflags ='-D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -fno-strict-aliasing -pipe -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64', optimize='-march=i686 -O2 -pipe', cppflags='-D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -fno-strict-aliasing -pipe -I/usr/local/include' ccversion='', gccversion='4.0.3 20051006 (prerelease)', gccosandvers='' intsize=4, longsize=4, ptrsize=4, doublesize=8, byteorder=1234 d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=12 ivtype='long', ivsize=4, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8 alignbytes=4, prototype=define Linker and Libraries: ld='cc', ldflags =' -L/usr/local/lib' libpth=/usr/local/lib /lib /usr/lib libs=-lnsl -lgdbm -ldb -ldl -lm -lcrypt -lutil -lpthread -lc perllibs=-lnsl -ldl -lm -lcrypt -lutil -lpthread -lc libc=/lib/libc-2.3.5.so, so=so, useshrplib=false, libperl=libperl.a gnulibc_version='2.3.5' Dynamic Linking: dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-Wl,-E' cccdlflags='-fpic', lddlflags='-shared -L/usr/local/lib' Characteristics of this binary (from libperl): Compile-time options: MULTIPLICITY USE_ITHREADS USE_LARGE_FILES PERL_IMPLICIT_CONTEXT Locally applied patches: SPRINTF0 - fixes for sprintf formatting issues - CVE-2005-3962 Built under linux Compiled at Dec 30 2005 12:13:39 @INC: /usr/lib/perl5/5.8.7/i686-linux-thread-multi /usr/lib/perl5/5.8.7 /usr/lib/perl5/site_perl/5.8.7/i686-linux-thread-multi /usr/lib/perl5/site_perl/5.8.7 /usr/lib/perl5/site_perl/5.8.6/i686-linux-thread-multi /usr/lib/perl5/site_perl/5.8.6 /usr/lib/perl5/site_perl/5.8.5/i686-linux-thread-multi /usr/lib/perl5/site_perl/5.8.5 /usr/lib/perl5/site_perl/5.8.4/i686-linux-thread-multi /usr/lib/perl5/site_perl/5.8.4 /usr/lib/perl5/site_perl/5.8.3/i686-linux-thread-multi /usr/lib/perl5/site_perl/5.8.3 /usr/lib/perl5/site_perl/5.8.2/i686-linux-thread-multi /usr/lib/perl5/site_perl/5.8.2 /usr/lib/perl5/site_perl/5.8.1/i686-linux-thread-multi /usr/lib/perl5/site_perl/5.8.1 /usr/lib/perl5/site_perl/5.8.0/i686-linux-thread-multi /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl . -------------- next part -------------- Skipped content of type multipart/related From dave.list at pixelhammer.com Sat Feb 4 19:53:28 2006 From: dave.list at pixelhammer.com (DAve) Date: Sat Feb 4 19:53:48 2006 Subject: New speed benchmark -- just virus scanning In-Reply-To: <43E4D58D.4000809@ecs.soton.ac.uk> References: <443FEE3F-9EA1-46F7-88C8-A79D4FC67F24@ecs.soton.ac.uk> <1A926F82-A002-4985-854C-8FD97EA99898@ecs.soton.ac.uk> <43E22B7B.3000809@pixelhammer.com> <456CF431-DE8D-45DC-8E63-FD04864BB95C@ecs.soton.ac.uk> <43E4D58D.4000809@ecs.soton.ac.uk> Message-ID: <43E50638.4060601@pixelhammer.com> Julian Field wrote: > Res wrote: > >> On Fri, 3 Feb 2006, Julian Field wrote: >> >>> -----BEGIN PGP SIGNED MESSAGE----- >>> >>> On 3 Feb 2006, at 10:36, Res wrote: >>> >>>> On Thu, 2 Feb 2006, DAve wrote: >>>> >>>>> Julian Field wrote: >>>>> >>>>>> -----BEGIN PGP SIGNED MESSAGE----- >>>>>> I forgot to add the MTA is sendmail >>>>>> On 2 Feb 2006, at 14:59, Julian Field wrote: >>>>>> >>>>>>>> Old Signed: 02/02/06 at 14:59:40 >>>>>>> >>>>>>> I have just done a speed test. >>>>>>> Hardware: dual Opteron, 4Gb RAM, SCSI disk. >>>>>>> Software: RHEL4, MailScanner 4.50, SpamAssassin, DCC, Razor, >>>>>>> clamavmodule >>>>>>> MailScanner setup: default >>>>>>> Speed: 770,000 messages per day >> >> >> 10? I hope to hell its on a 15 yo 5400 rpm ide >> >> thats only 8 msgs a second, we easily do more than that on dual xeon 2 >> gig ram with qmail and qmailscan and the load avgs constant 2-2.5 >> >> looks like i wont be trying to intergrate MS with our qmail servers, >> prolly a good idea since nobody has clear intructions on how to >> install with qmail anyway >> >> Still happy to use it on our sendmail boxes tho :) > > As a comparison with qmailscan, I ran MailScanner with just the Virus > Scanning turned on, and all the spam checks and dangerous HTML checks > switched off. > So just as a virus scanner it managed > > Hardware: dual Opteron, 4Gb RAM, SCSI disk. > Software: RHEL4, MailScanner 4.50 > MailScanner setup: Virus scanning only > Speed: 4,700,000 messages per day > = 55 messages per second > > Can qmailscan beat that? > We run qmail on all our servers except the gateways, which run MS and Sendmail, ClamAV/Bitdefender. Each gateway is a PIII with 1gb ram and SATA raid 0. We currently process 40k messages a day on each gateway(rejecting 70k+ with rbl), and load is minimal, the servers are bored. I use SA only on domains we "scrub" and pass on to the clients exchange server. We have several qmail toasters behind the gateways running SA with per user prefs for all the accounts we host. I do not believe any qmail solution such as qmailscan could keep up. Possibly qmail could keep up if you ran simscan, which is written in C. My experience testing solutions, was that any qmailqueue replacement written in Perl was nice for a business install, but unacceptable for an ISP install with large traffic levels. This is not a flame, I love qmail (once I got my mind wrapped around it) and I've run sendmail/postfix/exim. Each has advantages. The bottleneck is the replacement of qmailqueue with Perl. IMO. We looked at OpenProtect (?) but did not test it, only because we wanted Julians support and Julian didn't write it. If MailScanner someday supported qmail, we would switch from Sendmail. It seems to me the only difference is the queue and message structures. The rest of MS would not be affected? Just my 2 cents. DAve From res at ausics.net Sat Feb 4 22:21:13 2006 From: res at ausics.net (Res) Date: Sat Feb 4 22:21:23 2006 Subject: New speed benchmark In-Reply-To: <223f97700602040217t77e23cd6k@mail.gmail.com> References: <443FEE3F-9EA1-46F7-88C8-A79D4FC67F24@ecs.soton.ac.uk> <1A926F82-A002-4985-854C-8FD97EA99898@ecs.soton.ac.uk> <43E22B7B.3000809@pixelhammer.com> <456CF431-DE8D-45DC-8E63-FD04864BB95C@ecs.soton.ac.uk> <625385e30602031538i12bcca4ao89307c037d002dc2@mail.gmail.com> <223f97700602040217t77e23cd6k@mail.gmail.com> Message-ID: On Sat, 4 Feb 2006, Glenn Steen wrote: > That in the greater part explains the difference in load avgs. Not > that I know exactly what network tests Jules ran in this case, but > your low figures are simply due to you not doing 1) SA, and 2) SAs BL > lookups. As mentioned, these two tend to add some "real" load and (in > the latter case) significant "unreal" load;-). > Yes, but read what I said, in duplicate circumstances avg was 4 against 10 :) the 1-2 is without it. >> But qmailscan has a bad habbit of not being able to handle alot of stuff >> gracefully, which is why I was after a clear cut guide on how to install >> MS on a qmail system, because until the sendmail consortium can produce a >> copy of sendmail that works identical to qmail in relation to like with >> vpopmail for virtuals there is no beating that combination, be it for >> visp's or hosting. > > Did someone mention postfix ....:-):-) looked at it a few years back, decided no and dont intend to, also had enuf of the wietse patsies trying to thrash it down everybodys throats on other lists, its akin to spamming :) especially those that argue vigorously its better than sendmail, when they have never used sendmail At least I benchtext MTA's before discounting them, and I found when configured right sendmail even beats qmail at speed for delivery and both leave postfix in their wake, but now we are way off topic :) -- Cheers Res From res at ausics.net Sat Feb 4 22:29:58 2006 From: res at ausics.net (Res) Date: Sat Feb 4 22:30:05 2006 Subject: New speed benchmark In-Reply-To: <43E48D67.8080205@ecs.soton.ac.uk> References: <443FEE3F-9EA1-46F7-88C8-A79D4FC67F24@ecs.soton.ac.uk> <1A926F82-A002-4985-854C-8FD97EA99898@ecs.soton.ac.uk> <43E22B7B.3000809@pixelhammer.com> <456CF431-DE8D-45DC-8E63-FD04864BB95C@ecs.soton.ac.uk> <43E48D67.8080205@ecs.soton.ac.uk> Message-ID: On Sat, 4 Feb 2006, Julian Field wrote: > Not wanting to start a flame war, but does qmailscan do all the HTML analysis > and phishing detection and all the extras you get with MailScanner? It's far no, its one of the reasons I want to get MS to work with it its a dream on our sendmail servers, buty they are special use for large single domains and the loads pretty low > However, I agree with you on the qmail support for MailScanner. There is a > company that does all that, I leave them to it as I have never much liked > qmail anyway ;) ;) Yep, I still prefere sendmail, but sadly like I said for virtuals you cna not beat the qmail/vpopmail combo, trust me the day sendmail creates an option that basically allows mkdir /var/spool/mail/test.com echo "test.com /var/spool/mail/test.com" >> /etc/mail/virtualdomaindir make -C /etc/mail and we get somthing like vpopmail to work with it, qmail will start have a very fast extinction rate :) -- Cheers Res From res at ausics.net Sat Feb 4 22:38:08 2006 From: res at ausics.net (Res) Date: Sat Feb 4 22:38:15 2006 Subject: New speed benchmark -- just virus scanning In-Reply-To: <43E4D58D.4000809@ecs.soton.ac.uk> References: <443FEE3F-9EA1-46F7-88C8-A79D4FC67F24@ecs.soton.ac.uk> <1A926F82-A002-4985-854C-8FD97EA99898@ecs.soton.ac.uk> <43E22B7B.3000809@pixelhammer.com> <456CF431-DE8D-45DC-8E63-FD04864BB95C@ecs.soton.ac.uk> <43E4D58D.4000809@ecs.soton.ac.uk> Message-ID: On Sat, 4 Feb 2006, Julian Field wrote: > Res wrote: >> On Fri, 3 Feb 2006, Julian Field wrote: >>> -----BEGIN PGP SIGNED MESSAGE----- >>> >>> On 3 Feb 2006, at 10:36, Res wrote: >>>> On Thu, 2 Feb 2006, DAve wrote: >>>>> Julian Field wrote: >>>>>> -----BEGIN PGP SIGNED MESSAGE----- >>>>>> I forgot to add the MTA is sendmail >>>>>> On 2 Feb 2006, at 14:59, Julian Field wrote: >>>>>>>> Old Signed: 02/02/06 at 14:59:40 >>>>>>> I have just done a speed test. >>>>>>> Hardware: dual Opteron, 4Gb RAM, SCSI disk. >>>>>>> Software: RHEL4, MailScanner 4.50, SpamAssassin, DCC, Razor, >>>>>>> clamavmodule >>>>>>> MailScanner setup: default >>>>>>> Speed: 770,000 messages per day >> >> 10? I hope to hell its on a 15 yo 5400 rpm ide >> >> thats only 8 msgs a second, we easily do more than that on dual xeon 2 gig >> ram with qmail and qmailscan and the load avgs constant 2-2.5 >> >> looks like i wont be trying to intergrate MS with our qmail servers, prolly >> a good idea since nobody has clear intructions on how to install with qmail >> anyway >> >> Still happy to use it on our sendmail boxes tho :) > As a comparison with qmailscan, I ran MailScanner with just the Virus > Scanning turned on, and all the spam checks and dangerous HTML checks > switched off. > So just as a virus scanner it managed > > Hardware: dual Opteron, 4Gb RAM, SCSI disk. > Software: RHEL4, MailScanner 4.50 > MailScanner setup: Virus scanning only > Speed: 4,700,000 messages per day > = 55 messages per second > > Can qmailscan beat that? maybe witha high load, i never said i like qmailscan, it hate the #@%#@ thing :) when dealing with some tnef stuff it leaves the extracted dirs and can hang that child we are probably doing about 20 msgs a second for those figures I gave. which Operton ? tho I do detest AMD :P prolly cause in early days they were shit and used to fail often, never had an intel die yet > > -- Cheers Res From john at jolet.net Sun Feb 5 03:06:50 2006 From: john at jolet.net (John Jolet) Date: Sun Feb 5 03:06:48 2006 Subject: permissions problem on startup Message-ID: <46E37D27-F082-48B7-B007-AE25597F9D01@jolet.net> I'm having a problem that I saw in the archives someone else having, but I couldn't find a solution. Running on gentoo with postfix. If I set the Run As user to postfix, I get: Cannot open config file /opt/ MailScanner/etc/MailScanner.conf, Permission denied at /opt/ MailScanner/lib/MailScanner/Config.pm line 597. now, that poster said he made it work by giving postfix user a shell, but that doesn't seem to work for me. if I start it as root, it works, but then postfix would need to run as root. postfix:postfix owns MailScanner.conf, and it can be read by postfix.... the mailscanner program opens it like 10 times, then switches uid and gid to postfix, and then can't open it. or says it can't. what's going on here? From shuttlebox at gmail.com Sun Feb 5 10:20:17 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Sun Feb 5 10:20:21 2006 Subject: sendmail greet_pause feature In-Reply-To: <43E42DE0.7010401@nkpanama.com> References: <5EBABD62DC5AC048AD8AEC3312E02D4CCD2F5F@exchange03.lkl.ltkalmar.se> <023301c62719$f6c921c0$0600a8c0@roger> <20060201161203.M49950@smi.com.pe> <1f8fae340602020153i1a1b061h@mail.gmail.com> <43E42DE0.7010401@nkpanama.com> Message-ID: <625385e30602050220r2ca97e13te036b7584f36951e@mail.gmail.com> On 2/4/06, Alex Neuman van der Hans wrote: > > Is there any way to run a check during install or upgrade to make sure, > and then set it (or give a warning)? Maybe it could get incorporated into > the next release. > It has already been in a previous release. It was based on Sendmail debug output and caused a lot of problems so Julian removed it. Nobody has posted a reliable way to detect it yet. -- /peter -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060205/bfd58639/attachment.html From MailScanner at ecs.soton.ac.uk Sun Feb 5 12:59:36 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Feb 5 12:59:38 2006 Subject: New speed benchmark -- just virus scanning In-Reply-To: <43E50638.4060601@pixelhammer.com> References: <443FEE3F-9EA1-46F7-88C8-A79D4FC67F24@ecs.soton.ac.uk> <1A926F82-A002-4985-854C-8FD97EA99898@ecs.soton.ac.uk> <43E22B7B.3000809@pixelhammer.com> <456CF431-DE8D-45DC-8E63-FD04864BB95C@ecs.soton.ac.uk> <43E4D58D.4000809@ecs.soton.ac.uk> <43E50638.4060601@pixelhammer.com> Message-ID: <43E5F6B8.1080603@ecs.soton.ac.uk> DAve wrote: > We looked at OpenProtect (?) but did not test it, only because we > wanted Julians support and Julian didn't write it. If MailScanner > someday supported qmail, we would switch from Sendmail. It seems to me > the only difference is the queue and message structures. The rest of > MS would not be affected? I'm sorry but I have no intention of supporting qmail in MailScanner. Nothing personal :-) -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Sun Feb 5 13:02:58 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Feb 5 13:02:59 2006 Subject: permissions problem on startup In-Reply-To: <46E37D27-F082-48B7-B007-AE25597F9D01@jolet.net> References: <46E37D27-F082-48B7-B007-AE25597F9D01@jolet.net> Message-ID: <43E5F782.7020005@ecs.soton.ac.uk> John Jolet wrote: > I'm having a problem that I saw in the archives someone else having, > but I couldn't find a solution. Running on gentoo with postfix. If I > set the Run As user to postfix, I get: Cannot open config file > /opt/MailScanner/etc/MailScanner.conf, Permission denied at > /opt/MailScanner/lib/MailScanner/Config.pm line 597. If this is not a permissions problem on the file, then it is a problem with the perms of the dir or one of its parents. Don't forget that the postfix user has to be to navigate down to the file, as well as just read the file. Ensure you have r-x on the directories. > > now, that poster said he made it work by giving postfix user a shell, > but that doesn't seem to work for me. if I start it as root, it > works, but then postfix would need to run as root. postfix:postfix > owns MailScanner.conf, and it can be read by postfix.... the > mailscanner program opens it like 10 times, then switches uid and gid > to postfix, and then can't open it. or says it can't. what's going > on here? > --MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From alex at erus.co.uk Sun Feb 5 13:25:25 2006 From: alex at erus.co.uk (Alex Pimperton) Date: Sun Feb 5 13:22:34 2006 Subject: How do I whitelist mail from internal processes? Message-ID: <43E5FCC5.3090007@erus.co.uk> Hi All I run MailScanner on a Debian box that also has LogWatch installed, and recently emails from LogWatch are being tagged as High Scoring Spam because the LogWatch report contains IP addresses that trip the SUBRL rules in SpamAssassin. I went to whitelist 127.0.0.1/my external IP but after checking the headers I realised there's no IP address I can whitelist as the headers are misssing the "Received: from" part. My headers look like: Delivered-To: root@erus.co.uk Received: by mail.erus.co.uk (Postfix, from userid 0) id CB681581D5; Sun, 5 Feb 2006 00:31:25 +0000 (GMT) To: root@erus.co.uk How can I whitelist email that comes from internal processes (LogWatch,Cron etc) without having to whitelist all email that arrives for root? Regards, Alex -- This message has been scanned for viruses and dangerous content by MailScanner , and is believed to be clean. From john at jolet.net Sun Feb 5 13:27:45 2006 From: john at jolet.net (John Jolet) Date: Sun Feb 5 13:27:43 2006 Subject: permissions problem on startup In-Reply-To: <43E5F782.7020005@ecs.soton.ac.uk> References: <46E37D27-F082-48B7-B007-AE25597F9D01@jolet.net> <43E5F782.7020005@ecs.soton.ac.uk> Message-ID: On Feb 5, 2006, at 7:02 AM, Julian Field wrote: > John Jolet wrote: >> I'm having a problem that I saw in the archives someone else >> having, but I couldn't find a solution. Running on gentoo with >> postfix. If I set the Run As user to postfix, I get: Cannot open >> config file /opt/MailScanner/etc/MailScanner.conf, Permission >> denied at /opt/MailScanner/lib/MailScanner/Config.pm line 597. > If this is not a permissions problem on the file, then it is a > problem with the perms of the dir or one of its parents. Don't > forget that the postfix user has to be to navigate down to the > file, as well as just read the file. Ensure you have r-x on the > directories. >> yeah, I thought of that. If I give postfix a shell, su - postfix I can view the file just fine. It appeared to me when I looked at that module that it was mostly concerned with ldap servers. was I incorrect? I don't have any, and that portion of the config file is commented out. just grasping at straws at this point. From MailScanner at ecs.soton.ac.uk Sun Feb 5 13:33:28 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Feb 5 13:33:27 2006 Subject: How do I whitelist mail from internal processes? In-Reply-To: <43E5FCC5.3090007@erus.co.uk> References: <43E5FCC5.3090007@erus.co.uk> Message-ID: <43E5FEA8.8020304@ecs.soton.ac.uk> Alex Pimperton wrote: > I went to whitelist 127.0.0.1/my external IP but after checking the > headers I realised there's no IP address I can whitelist as the headers > are misssing the "Received: from" part. > > My headers look like: > > Delivered-To: root@erus.co.uk > Received: by mail.erus.co.uk (Postfix, from userid 0) > id CB681581D5; Sun, 5 Feb 2006 00:31:25 +0000 (GMT) > To: root@erus.co.uk > > How can I whitelist email that comes from internal processes > (LogWatch,Cron etc) without having to whitelist all email that arrives > for root? > Don't worry, MailScanner doesn't use the headers, it gets the IP from the envelope, and puts in 127.0.0.1 if there isn't one. So if the MTA is invoked locally, the ip address will be 127.0.0.1. MailScanner will take pretty much any form of netword address you can come up with, so From: 127.0.0.1 no FromOrTo: default yes should work just fine. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Sun Feb 5 13:35:53 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Feb 5 13:35:52 2006 Subject: permissions problem on startup In-Reply-To: References: <46E37D27-F082-48B7-B007-AE25597F9D01@jolet.net> <43E5F782.7020005@ecs.soton.ac.uk> Message-ID: <43E5FF39.10909@ecs.soton.ac.uk> John Jolet wrote: > > On Feb 5, 2006, at 7:02 AM, Julian Field wrote: > >> John Jolet wrote: >>> I'm having a problem that I saw in the archives someone else having, >>> but I couldn't find a solution. Running on gentoo with postfix. If >>> I set the Run As user to postfix, I get: Cannot open config file >>> /opt/MailScanner/etc/MailScanner.conf, Permission denied at >>> /opt/MailScanner/lib/MailScanner/Config.pm line 597. >> If this is not a permissions problem on the file, then it is a >> problem with the perms of the dir or one of its parents. Don't forget >> that the postfix user has to be to navigate down to the file, as well >> as just read the file. Ensure you have r-x on the directories. >>> > yeah, I thought of that. If I give postfix a shell, su - postfix I > can view the file just fine. It appeared to me when I looked at that > module that it was mostly concerned with ldap servers. was I > incorrect? I don't have any, and that portion of the config file is > commented out. just grasping at straws at this point. I would not advise you try to work out how the configuration compiler works, it's pretty complex. :-) If you do su - postfix then cd / then cd down each dir to the file's location, does that all work at every step? -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From john at jolet.net Sun Feb 5 14:27:11 2006 From: john at jolet.net (John Jolet) Date: Sun Feb 5 14:27:28 2006 Subject: permissions problem on startup In-Reply-To: <43E5FF39.10909@ecs.soton.ac.uk> References: <46E37D27-F082-48B7-B007-AE25597F9D01@jolet.net> <43E5F782.7020005@ecs.soton.ac.uk> <43E5FF39.10909@ecs.soton.ac.uk> Message-ID: <84B37A2A-C8BA-4F1B-979C-A116E51156B6@jolet.net> >> yeah, I thought of that. If I give postfix a shell, su - postfix >> I can view the file just fine. It appeared to me when I looked at >> that module that it was mostly concerned with ldap servers. was I >> incorrect? I don't have any, and that portion of the config file >> is commented out. just grasping at straws at this point. > > I would not advise you try to work out how the configuration > compiler works, it's pretty complex. :-) > > If you do su - postfix then cd / then cd down each dir to the > file's location, does that all work at every step? yes, it does. That gave me an idea, however. su - postfix from root, THEN run check_mailscanner, and it works. so I can start it as postfix if i'm postfix. I guess I can handle that.....but it's still odd. From glenn.steen at gmail.com Sun Feb 5 16:02:58 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Sun Feb 5 16:03:02 2006 Subject: New speed benchmark In-Reply-To: References: <443FEE3F-9EA1-46F7-88C8-A79D4FC67F24@ecs.soton.ac.uk> <1A926F82-A002-4985-854C-8FD97EA99898@ecs.soton.ac.uk> <43E22B7B.3000809@pixelhammer.com> <456CF431-DE8D-45DC-8E63-FD04864BB95C@ecs.soton.ac.uk> <625385e30602031538i12bcca4ao89307c037d002dc2@mail.gmail.com> <223f97700602040217t77e23cd6k@mail.gmail.com> Message-ID: <223f97700602050802w7a1908c4l@mail.gmail.com> On 04/02/06, Res wrote: > On Sat, 4 Feb 2006, Glenn Steen wrote: > > > That in the greater part explains the difference in load avgs. Not > > that I know exactly what network tests Jules ran in this case, but > > your low figures are simply due to you not doing 1) SA, and 2) SAs BL > > lookups. As mentioned, these two tend to add some "real" load and (in > > the latter case) significant "unreal" load;-). > > > > Yes, but read what I said, in duplicate circumstances avg was 4 against > 10 :) the 1-2 is without it. Ok... I thought you said that when you ran it with SA, you had most/all DNS related stuff disabled, and that it was then at approximately 4 LA.... Obviously I read you wrong. (One could argue that load averages are not the best performance measurements there is, but lets not walk that way:-) > > >> But qmailscan has a bad habbit of not being able to handle alot of stuff > >> gracefully, which is why I was after a clear cut guide on how to install > >> MS on a qmail system, because until the sendmail consortium can produce a > >> copy of sendmail that works identical to qmail in relation to like with > >> vpopmail for virtuals there is no beating that combination, be it for > >> visp's or hosting. > > > > Did someone mention postfix ....:-):-) > > looked at it a few years back, decided no and dont intend to, also had > enuf of the wietse patsies trying to thrash it down everybodys throats on > other lists, its akin to spamming :) Fair enough. Note the smileys... I'm certain that most people on this list are beyond newbie status, and the comment was more of a joke than anything. Obviously a poor one at that. > especially those that argue vigorously its better than sendmail, when they > have never used sendmail :-) I got fed up with Sendmail about ... Oh, 8 years ago. I still use it, if it happens to be on any particular system, in house... But not for "front side" use. Qmail and Postfix share several traits (security "by design" foremost among them), and when I looked at what to use instead of Sendmail (a couple of years later, or so, when we decided to retire the badly working boxed solution some fool^H^H^Hine PHB had bought), it was a very close race between those two. At the time I disliked the ... "political" nature of Qmail a bit, so went with Postfix... Just to discover that Mr Venema is indeed as opinionated and "political". Sigh. But the MTA is still a very nice piece of SW, so .. I'll stick with it:-). > At least I benchtext MTA's before discounting them, and I found when > configured right sendmail even beats qmail at speed for delivery and both > leave postfix in their wake, but now we are way off topic :) That's why I'd like for someone with the knowhow, resources and "big load" to do such a comparison... I'd do it myself, but I simply lack the influx (and to a certain extent diversity) of mails to do such a test justice. I'm still holding out hope that Jules will be bored enough one day to do it:-). And from the above, one can infer that speed of processing/delivery isn't a factor on my systems, so it'd be for purely ... technology/statistical pleasure (on my part, at least:-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From dnsadmin at 1bigthink.com Sun Feb 5 16:55:06 2006 From: dnsadmin at 1bigthink.com (dnsadmin 1bigthink.com) Date: Sun Feb 5 16:55:17 2006 Subject: This list rules!!! Successful upgrade from 4.43 to 4.50 with no glitches! Message-ID: <6.2.3.4.0.20060205114353.089f86c8@mxt.1bigthink.com> Hello All, I just wanted to report a success story instead of the usual problems. I upgraded overnight beginning at 00:10 +5GMT last night and was complete and satisfied everything was going well enough to sleep well by 1:03 +5GMT. Thanks Julian! Docs were certainly clear enough! Thank you ALL for preparing me for the pitfalls! Whitebox Linux 3.x (updated RPMs) = RHES 3.x (up to date RPMs) MailScanner 4.43 upgrade to 4.50 SpamAssassin-3.03+ClamAV0.88 upgrade to SpamAssassin 3.10+ClamAV0.88 Mailwatch 0.51 (want to upgrade soon) Cheers! Glenn From MailScanner at ecs.soton.ac.uk Sun Feb 5 17:18:18 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Feb 5 17:18:18 2006 Subject: This list rules!!! Successful upgrade from 4.43 to 4.50 with no glitches! In-Reply-To: <6.2.3.4.0.20060205114353.089f86c8@mxt.1bigthink.com> References: <6.2.3.4.0.20060205114353.089f86c8@mxt.1bigthink.com> Message-ID: <43E6335A.9050908@ecs.soton.ac.uk> You're welcome! dnsadmin 1bigthink.com wrote: > Hello All, > > I just wanted to report a success story instead of the usual problems. > I upgraded overnight beginning at 00:10 +5GMT last night and was > complete and satisfied everything was going well enough to sleep well > by 1:03 +5GMT. > > Thanks Julian! Docs were certainly clear enough! Thank you ALL for > preparing me for the pitfalls! > > Whitebox Linux 3.x (updated RPMs) = RHES 3.x (up to date RPMs) > MailScanner 4.43 upgrade to 4.50 > SpamAssassin-3.03+ClamAV0.88 upgrade to SpamAssassin 3.10+ClamAV0.88 > Mailwatch 0.51 (want to upgrade soon) > > Cheers! > Glenn > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From gdoris at rogers.com Sun Feb 5 19:24:18 2006 From: gdoris at rogers.com (Gerry Doris) Date: Sun Feb 5 19:24:43 2006 Subject: MailScanner lint errors? Message-ID: <43E650E2.7050805@rogers.com> I've started seeing errors after running MailScanner --lint which I haven't seen before. I was running 4.50.10 and decided to upgrade to 4.50.15 today. Everything went well and MailScanner is working properly. I see no errors in any of the logs. Mail is being accepted and delivered. MailScanner -v runs without errors but when I run MailScanner --lint I get the following: [root@tiger MailScanner]# MailScanner --lint Read 701 hostnames from the phishing whitelist Config: calling custom init function SQLBlacklist Config: calling custom init function MailWatchLogging Config: calling custom init function SQLWhitelist Cannot write pid file , No such file or directory at /usr/sbin/MailScanner line 1238 Checking for SpamAssassin errors (if you use it)... Using SpamAssassin results cache Connected to SpamAssassin cache database SpamAssassin reported no errors. MailScanner.conf says "Virus Scanners = clamavmodule f-prot trend bitdefender" Use of uninitialized value in split at /usr/lib/MailScanner/MailScanner/SweepViruses.pm line 2879. Use of uninitialized value in concatenation (.) or string at /usr/lib/MailScanner/MailScanner/SweepViruses.pm line 2880. Use of uninitialized value in concatenation (.) or string at /usr/lib/MailScanner/MailScanner/SweepViruses.pm line 2880. Can't exec "-IsItInstalled": No such file or directory at /usr/lib/MailScanner/MailScanner/SweepViruses.pm line 2882. ...snip the above is repeated 5 more times ...snip Found these virus scanners installed: bitdefender, f-prot, clamavmodule, trend From MailScanner at ecs.soton.ac.uk Sun Feb 5 19:44:02 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Feb 5 19:44:04 2006 Subject: MailScanner lint errors? In-Reply-To: <43E650E2.7050805@rogers.com> References: <43E650E2.7050805@rogers.com> Message-ID: <43E65582.6040709@ecs.soton.ac.uk> I strongly suspect that none are relevant, apart from the Cannot write pid file error. Check this is set to something in your MailScanner.conf file. Gerry Doris wrote: > I've started seeing errors after running MailScanner --lint which I > haven't seen before. > > I was running 4.50.10 and decided to upgrade to 4.50.15 today. > Everything went well and MailScanner is working properly. I see no > errors in any of the logs. Mail is being accepted and delivered. > > MailScanner -v runs without errors but when I run MailScanner --lint I > get the following: > > [root@tiger MailScanner]# MailScanner --lint > Read 701 hostnames from the phishing whitelist > Config: calling custom init function SQLBlacklist > Config: calling custom init function MailWatchLogging > Config: calling custom init function SQLWhitelist > Cannot write pid file , No such file or directory at > /usr/sbin/MailScanner line 1238 > Checking for SpamAssassin errors (if you use it)... > Using SpamAssassin results cache > Connected to SpamAssassin cache database > SpamAssassin reported no errors. > > MailScanner.conf says "Virus Scanners = clamavmodule f-prot trend > bitdefender" > > Use of uninitialized value in split at > /usr/lib/MailScanner/MailScanner/SweepViruses.pm line 2879. > Use of uninitialized value in concatenation (.) or string at > /usr/lib/MailScanner/MailScanner/SweepViruses.pm line 2880. > Use of uninitialized value in concatenation (.) or string at > /usr/lib/MailScanner/MailScanner/SweepViruses.pm line 2880. > Can't exec "-IsItInstalled": No such file or directory at > /usr/lib/MailScanner/MailScanner/SweepViruses.pm line 2882. > ...snip > the above is repeated 5 more times > ...snip > > Found these virus scanners installed: bitdefender, f-prot, > clamavmodule, trend -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From gdoris at rogers.com Sun Feb 5 20:12:21 2006 From: gdoris at rogers.com (Gerry Doris) Date: Sun Feb 5 20:12:46 2006 Subject: MailScanner lint errors? In-Reply-To: <43E65582.6040709@ecs.soton.ac.uk> References: <43E650E2.7050805@rogers.com> <43E65582.6040709@ecs.soton.ac.uk> Message-ID: <43E65C25.7000809@rogers.com> Julian Field wrote: > I strongly suspect that none are relevant, apart from the Cannot write > pid file error. Check this is set to something in your MailScanner.conf > file. I checked MailScanner.conf and the MailScanner PID is set to /var/run/MailScanner.pid The file is really there and is being used. Like I said, there are no errors in any logs and mail is being sent and received. It was working but I can't remember the last time I tried it. I'm using the latest MailWatch. Would that be confusing the MailScanner lint operation? > > Gerry Doris wrote: > >> I've started seeing errors after running MailScanner --lint which I >> haven't seen before. >> >> I was running 4.50.10 and decided to upgrade to 4.50.15 today. >> Everything went well and MailScanner is working properly. I see no >> errors in any of the logs. Mail is being accepted and delivered. >> >> MailScanner -v runs without errors but when I run MailScanner --lint I >> get the following: >> >> [root@tiger MailScanner]# MailScanner --lint >> Read 701 hostnames from the phishing whitelist >> Config: calling custom init function SQLBlacklist >> Config: calling custom init function MailWatchLogging >> Config: calling custom init function SQLWhitelist >> Cannot write pid file , No such file or directory at >> /usr/sbin/MailScanner line 1238 >> Checking for SpamAssassin errors (if you use it)... >> Using SpamAssassin results cache >> Connected to SpamAssassin cache database >> SpamAssassin reported no errors. >> >> MailScanner.conf says "Virus Scanners = clamavmodule f-prot trend >> bitdefender" >> >> Use of uninitialized value in split at >> /usr/lib/MailScanner/MailScanner/SweepViruses.pm line 2879. >> Use of uninitialized value in concatenation (.) or string at >> /usr/lib/MailScanner/MailScanner/SweepViruses.pm line 2880. >> Use of uninitialized value in concatenation (.) or string at >> /usr/lib/MailScanner/MailScanner/SweepViruses.pm line 2880. >> Can't exec "-IsItInstalled": No such file or directory at >> /usr/lib/MailScanner/MailScanner/SweepViruses.pm line 2882. >> ...snip >> the above is repeated 5 more times >> ...snip >> >> Found these virus scanners installed: bitdefender, f-prot, >> clamavmodule, trend > > From mailscanner at PDSCC.COM Sun Feb 5 20:55:53 2006 From: mailscanner at PDSCC.COM (Harondel J. Sibble) Date: Sun Feb 5 20:56:06 2006 Subject: errors when running mailwatch php/mysql Message-ID: <200602090821.AAA21504@sheridan.sibble.net> I've just spent the last few hours setting up mailwatch on a freshly built centos 4.2 mail relay. Mailscanner is working fine with postfix. I followed the instructions here: http://mailwatch.sourceforge.net/doku.php?id=mailwatch:documentation:install Once I finished the setup, I restarted the mysql, http and mailscanner daemons. I then attempt to go to http://ip.address.of.mailrelay/mailscanner (also tried ttp://ip.address.of.mailrelay/mailscanner/index.php with same results) and get nothing but a blank webpage. From the /var/log/httpd/error_log: [client xxx.xxx.xxx.xxx] PHP Fatal error: Call to undefined function: mysql_escape_string() in /var/www/html/mailscanner/functions.php on line 528 line 528 says $value = "'".mysql_escape_string($value)."'"; I've been googling, but havent found anything to get this to work. I've not used php before.... Relevant rpm versions: mailscanner-4.49.7-1 postfix-2.1.5-4.2.RHEL4 php-pear-4.3.9-3.9 php-4.3.9-3.9 php-gd-4.3.9-3.9 mysql-devel-4.1.12-3.RHEL4.1 mysql-server-4.1.12-3.RHEL4.1 mysql-4.1.12-3.RHEL4.1 spamassassin-3.0.4-1.el4 -- Harondel J. Sibble Sibble Computer Consulting Creating solutions for the small business and home computer user. help@pdscc.com (use pgp keyid 0x3AD5C11D) http://www.pdscc.com (604) 739-3709 (voice/fax) (604) 686-2253 (pager) From richard.siddall at elirion.net Sun Feb 5 21:13:55 2006 From: richard.siddall at elirion.net (Richard Siddall) Date: Sun Feb 5 21:14:17 2006 Subject: New speed benchmark -- just virus scanning In-Reply-To: <43E5F6B8.1080603@ecs.soton.ac.uk> References: <443FEE3F-9EA1-46F7-88C8-A79D4FC67F24@ecs.soton.ac.uk> <1A926F82-A002-4985-854C-8FD97EA99898@ecs.soton.ac.uk> <43E22B7B.3000809@pixelhammer.com> <456CF431-DE8D-45DC-8E63-FD04864BB95C@ecs.soton.ac.uk> <43E4D58D.4000809@ecs.soton.ac.uk> <43E50638.4060601@pixelhammer.com> <43E5F6B8.1080603@ecs.soton.ac.uk> Message-ID: <43E66A93.5060500@elirion.net> Julian Field wrote: > > I'm sorry but I have no intention of supporting qmail in MailScanner. > Nothing personal :-) > Could I ask why? (Several reasons spring to mind, such as: 1/ OpenProtect already does a good job. 2/ Julian likes qmail less than Postfix. 3/ Julian's overworked and doesn't want to take on another MTA 4/ There's no way of adding another MTA to Julian's test setup 5/ qmail's even less compatible with the dual-queue approach than Postfix. 6/ Julian relies on other people to handle extra MTA's and nobody volunteered to handle qmail. and so on.) Unfortunately, it looks like we'll be replacing our sendmail boxes with ones running qmail. I'm looking at qpsmtpd to replace the qmail front-end. Regards, Richard Siddall From smf at f2s.com Sun Feb 5 21:17:03 2006 From: smf at f2s.com (Steve Freegard) Date: Sun Feb 5 21:15:10 2006 Subject: errors when running mailwatch php/mysql In-Reply-To: <200602090821.AAA21504@sheridan.sibble.net> References: <200602090821.AAA21504@sheridan.sibble.net> Message-ID: <1139174223.16590.34.camel@localhost.localdomain> Hi Harondel, On Sun, 2006-02-05 at 12:55 -0800, Harondel J. Sibble wrote: > I've just spent the last few hours setting up mailwatch on a freshly built > centos 4.2 mail relay. Mailscanner is working fine with postfix. > > [client xxx.xxx.xxx.xxx] PHP Fatal error: Call to undefined function: > mysql_escape_string() in /var/www/html/mailscanner/functions.php on line 528 You don't have the MySQL PHP module installed - if you run php -m | grep -i mysql It won't return anything - run 'yum install php-mysql' and it should start working. Kind regards, Steve. P.S. Please don't post MailWatch questions on the MailScanner list - use the MailWatch list instead: http://lists.sourceforge.net/mailman/listinfo/mailwatch-users From MailScanner at ecs.soton.ac.uk Sun Feb 5 21:22:58 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Feb 5 21:22:58 2006 Subject: New speed benchmark -- just virus scanning In-Reply-To: <43E66A93.5060500@elirion.net> References: <443FEE3F-9EA1-46F7-88C8-A79D4FC67F24@ecs.soton.ac.uk> <1A926F82-A002-4985-854C-8FD97EA99898@ecs.soton.ac.uk> <43E22B7B.3000809@pixelhammer.com> <456CF431-DE8D-45DC-8E63-FD04864BB95C@ecs.soton.ac.uk> <43E4D58D.4000809@ecs.soton.ac.uk> <43E50638.4060601@pixelhammer.com> <43E5F6B8.1080603@ecs.soton.ac.uk> <43E66A93.5060500@elirion.net> Message-ID: <43E66CB2.1010306@ecs.soton.ac.uk> Richard Siddall wrote: > Julian Field wrote: > >> I'm sorry but I have no intention of supporting qmail in MailScanner. >> Nothing personal :-) >> >> > > Could I ask why? (Several reasons spring to mind, such as: > 1/ OpenProtect already does a good job. > 2/ Julian likes qmail less than Postfix. > 3/ Julian's overworked and doesn't want to take on another MTA > 4/ There's no way of adding another MTA to Julian's test setup > 5/ qmail's even less compatible with the dual-queue approach than Postfix. > 6/ Julian relies on other people to handle extra MTA's and nobody > volunteered to handle qmail. > and so on.) > That just about covers the bases :-) -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From matt at coders.co.uk Sun Feb 5 21:31:57 2006 From: matt at coders.co.uk (Matt Hampton) Date: Sun Feb 5 21:31:59 2006 Subject: errors when running mailwatch php/mysql In-Reply-To: <200602090821.AAA21504@sheridan.sibble.net> References: <200602090821.AAA21504@sheridan.sibble.net> Message-ID: <43E66ECD.7030500@coders.co.uk> Harondel J. Sibble wrote: > [client xxx.xxx.xxx.xxx] PHP Fatal error: Call to undefined function: > mysql_escape_string() in /var/www/html/mailscanner/functions.php on line 528 Thats because you haven't installed the php-mysql RPMS > > Relevant rpm versions: > > mailscanner-4.49.7-1 > postfix-2.1.5-4.2.RHEL4 > php-pear-4.3.9-3.9 > php-4.3.9-3.9 > php-gd-4.3.9-3.9 > mysql-devel-4.1.12-3.RHEL4.1 > mysql-server-4.1.12-3.RHEL4.1 > mysql-4.1.12-3.RHEL4.1 > spamassassin-3.0.4-1.el4 yum install php-mysql and service httpd restart should fix it. Matt From matt at coders.co.uk Sun Feb 5 21:33:32 2006 From: matt at coders.co.uk (Matt Hampton) Date: Sun Feb 5 21:33:34 2006 Subject: errors when running mailwatch php/mysql In-Reply-To: <200602090821.AAA21504@sheridan.sibble.net> References: <200602090821.AAA21504@sheridan.sibble.net> Message-ID: <43E66F2C.9050908@coders.co.uk> Harondel J. Sibble wrote: > I've just spent the last few hours setting up mailwatch on a freshly built > centos 4.2 mail relay. Mailscanner is working fine with postfix. > Also - this should really have been on the mailwatch list - not the mailscanner one. Only noticed after I hit send on the previous email...... ;-) matt From mailscanner at PDSCC.COM Sun Feb 5 21:48:21 2006 From: mailscanner at PDSCC.COM (Harondel J. Sibble) Date: Sun Feb 5 21:48:55 2006 Subject: errors when running mailwatch php/mysql In-Reply-To: <1139174223.16590.34.camel@localhost.localdomain> References: <200602090821.AAA21504@sheridan.sibble.net> Message-ID: <200602090913.BAA21775@sheridan.sibble.net> On 5 Feb 2006 at 21:17, Steve Freegard wrote: > You don't have the MySQL PHP module installed - if you run Thanks. that fixed it. > P.S. Please don't post MailWatch questions on the MailScanner list - > use the MailWatch list instead: Signing up now. -- Harondel J. Sibble Sibble Computer Consulting Creating solutions for the small business and home computer user. help@pdscc.com (use pgp keyid 0x3AD5C11D) http://www.pdscc.com (604) 739-3709 (voice/fax) (604) 686-2253 (pager) From ucs_rat at shsu.edu Sun Feb 5 23:39:45 2006 From: ucs_rat at shsu.edu (Robert A. Thompson) Date: Sun Feb 5 23:40:32 2006 Subject: hold mail Message-ID: <1139182785.20001.29.camel@ra.thehouse.com> Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: smiley-3.png Type: image/png Size: 819 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060205/8470c672/smiley-3.png From alex at nkpanama.com Sun Feb 5 23:44:06 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Sun Feb 5 23:44:16 2006 Subject: sendmail greet_pause feature In-Reply-To: <625385e30602050220r2ca97e13te036b7584f36951e@mail.gmail.com> References: <5EBABD62DC5AC048AD8AEC3312E02D4CCD2F5F@exchange03.lkl.ltkalmar.se> <023301c62719$f6c921c0$0600a8c0@roger> <20060201161203.M49950@smi.com.pe> <1f8fae340602020153i1a1b061h@mail.gmail.com> <43E42DE0.7010401@nkpanama.com> <625385e30602050220r2ca97e13te036b7584f36951e@mail.gmail.com> Message-ID: <43E68DC6.7030803@nkpanama.com> What would be a reliable way to do it? IANAP, but there *should* be some form of a test that could be done using the actual sendmail executable, or some other testable function, right? What's involved? Maybe I can offer "the idiot suggestion" - you know, when every possible logical way of doing something has been tried, but then a complete idiot comes along and says something so illogical, so crazy, that it "just might work"... It *has* happened to me before, and it's taught me to always at least *consider* "idiot suggestions". shuttlebox wrote: > On 2/4/06, *Alex Neuman van der Hans* > wrote: > > Is there any way to run a check during install or upgrade to make > sure, and then set it (or give a warning)? Maybe it could get > incorporated into the next release. > > > It has already been in a previous release. It was based on Sendmail > debug output and caused a lot of problems so Julian removed it. Nobody > has posted a reliable way to detect it yet. > > -- > /peter -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060205/f4d02267/attachment.html From naolson at gmail.com Mon Feb 6 04:12:38 2006 From: naolson at gmail.com (Nathan Olson) Date: Mon Feb 6 04:12:43 2006 Subject: hold mail In-Reply-To: <1139182785.20001.29.camel@ra.thehouse.com> References: <1139182785.20001.29.camel@ra.thehouse.com> Message-ID: <8f54b4330602052012n4d32a964u1fa192d6a34e22f2@mail.gmail.com> Set sendmail to queue only and don't start any queue runners. Nate -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060205/8469bc4e/attachment.html From dave.list at pixelhammer.com Mon Feb 6 05:18:58 2006 From: dave.list at pixelhammer.com (DAve) Date: Mon Feb 6 05:19:30 2006 Subject: New speed benchmark -- just virus scanning In-Reply-To: <43E66A93.5060500@elirion.net> References: <443FEE3F-9EA1-46F7-88C8-A79D4FC67F24@ecs.soton.ac.uk> <1A926F82-A002-4985-854C-8FD97EA99898@ecs.soton.ac.uk> <43E22B7B.3000809@pixelhammer.com> <456CF431-DE8D-45DC-8E63-FD04864BB95C@ecs.soton.ac.uk> <43E4D58D.4000809@ecs.soton.ac.uk> <43E50638.4060601@pixelhammer.com> <43E5F6B8.1080603@ecs.soton.ac.uk> <43E66A93.5060500@elirion.net> Message-ID: <43E6DC42.2030107@pixelhammer.com> Richard Siddall wrote: > Julian Field wrote: > >>I'm sorry but I have no intention of supporting qmail in MailScanner. >>Nothing personal :-) >> > > > Could I ask why? (Several reasons spring to mind, such as: > 1/ OpenProtect already does a good job. > 2/ Julian likes qmail less than Postfix. Software wars, when I leave the internet business. I'll not miss the software wars. > 3/ Julian's overworked and doesn't want to take on another MTA > 4/ There's no way of adding another MTA to Julian's test setup > 5/ qmail's even less compatible with the dual-queue approach than Postfix. Why would that be? The "basic" premise of MS is an MTA delivers to queue-A, MS picks up from queue-A, processes, delivers to queue-B, an MTA picks up from queue-B and processes the resulting message. I know of several instances of people running two qmail queues on the same server. Run the outbound qmail process on another port or IP and the only problem would be teaching MS how qmail's queue is structured. (HA! Listen to me, like I could write the code to do that!!!) > 6/ Julian relies on other people to handle extra MTA's and nobody > volunteered to handle qmail. > and so on.) Hmmm, I need another hobby right?.......... > > Unfortunately, it looks like we'll be replacing our sendmail boxes with > ones running qmail. I'm looking at qpsmtpd to replace the qmail front-end. > > Regards, > > Richard Siddall We were there, and did replace our Sendmail boxes with qmail/vpopmail/mysql. Love it. But I put MS in front of them running Sendmail and I have to say I have been completely happy with Julian's software. Looking back I think it was the best decision, as my AV and RBL work is completely seperate from my delivery boxes. I like the seperation it provides. Someday, I will prod the company into actually giving *back* to the authors of all the opensource software we generate revenue with. Until then Julian has my wife and kids undying gratitude for allowing "Dad" to sleep at night. DAve From res at ausics.net Mon Feb 6 08:24:13 2006 From: res at ausics.net (Res) Date: Mon Feb 6 08:24:21 2006 Subject: New speed benchmark In-Reply-To: <223f97700602050802w7a1908c4l@mail.gmail.com> References: <443FEE3F-9EA1-46F7-88C8-A79D4FC67F24@ecs.soton.ac.uk> <1A926F82-A002-4985-854C-8FD97EA99898@ecs.soton.ac.uk> <43E22B7B.3000809@pixelhammer.com> <456CF431-DE8D-45DC-8E63-FD04864BB95C@ecs.soton.ac.uk> <625385e30602031538i12bcca4ao89307c037d002dc2@mail.gmail.com> <223f97700602040217t77e23cd6k@mail.gmail.com> <223f97700602050802w7a1908c4l@mail.gmail.com> Message-ID: On Sun, 5 Feb 2006, Glenn Steen wrote: > discover that Mr Venema is indeed as opinionated and "political". thats one of the reasons i dont like associating with stuff, prolly also why i have such options on qmail as well, too far up emselves if you ask me :) I will keep pestering the sendmail guys for an optional config change :) > And from the above, one can infer that speed of processing/delivery > isn't a factor on my systems, so it'd be for purely ... > technology/statistical pleasure (on my part, at least:-). Yes, unfortunatly I deal with people who press send and expect the recipient to get it in nano seconds :( -- Cheers Res From MailScanner at ecs.soton.ac.uk Mon Feb 6 08:57:21 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Feb 6 08:57:33 2006 Subject: How do I whitelist mail from internal processes? In-Reply-To: <43E67067.2020100@lists.mailscanner.info> References: <43E5FCC5.3090007@erus.co.uk> <43E5FEA8.8020304@ecs.soton.ac.uk> <43E67067.2020100@lists.mailscanner.info> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Glad you like it! Have you bought the book yet? Thanks, Jules. On 5 Feb 2006, at 21:38, MailScanner discussion wrote: > Rather than flooding the list with noise I thought I'd thank you > privately so: > > Thank You! > > I can't imagine getting such a quick and helpful response from any > other > authors of other software I use. > > Thank you for all your hard work and for an exceptional piece of > software. > Regards, > > Alex Pimperton > > > Julian Field wrote: >> Alex Pimperton wrote: >>> I went to whitelist 127.0.0.1/my external IP but after checking the >>> headers I realised there's no IP address I can whitelist as the >>> headers >>> are misssing the "Received: from" part. >>> >>> My headers look like: >>> >>> Delivered-To: root@erus.co.uk >>> Received: by mail.erus.co.uk (Postfix, from userid 0) >>> id CB681581D5; Sun, 5 Feb 2006 00:31:25 +0000 (GMT) >>> To: root@erus.co.uk >>> >>> How can I whitelist email that comes from internal processes >>> (LogWatch,Cron etc) without having to whitelist all email that >>> arrives >>> for root? >>> >> Don't worry, MailScanner doesn't use the headers, it gets the IP from >> the envelope, and puts in 127.0.0.1 if there isn't one. So if the MTA >> is invoked locally, the ip address will be 127.0.0.1. >> >> MailScanner will take pretty much any form of netword address you can >> come up with, so >> From: 127.0.0.1 no >> FromOrTo: default yes >> should work just fine. >> > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner , and is > believed to be clean. > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.4 (Build 4042) iQEVAwUBQ+cPd/w32o+k+q+hAQEzsgf+Lf21t2XVVEi2STfvltV1lXONw/WIIX0f z/C53ykxzf4+IvGoQWWbxc2QuETpdD888pexeHWDR/BMqNj/E2uEgIhhs9ufQ5S7 swXRtVM/Sf2PkLZFZjdRqpA0iQthw6yLyUJ7mAHHdM5vgfwgUGwtME9zGi05b9FV 0+qk13+l6smz8g+dCtsgtF3HZpTjdlMSxgw6PyS1jJe1mIva/v46T4zLGVdukkMg GcUCNvUrScGerfLPYdn2kbGhAk+EEL6abJMyfNjmAksUBuG8/ov7nHgPj+lx3ov1 MdLVrf/CCHSU27QHrgCOK238mxSL2cwmre32XLBXo/Eh3C+UeRV8ng== =DANM -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Mon Feb 6 08:59:30 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Feb 6 08:59:42 2006 Subject: hold mail In-Reply-To: <1139182785.20001.29.camel@ra.thehouse.com> References: <1139182785.20001.29.camel@ra.thehouse.com> Message-ID: <7F4A32BD-B591-4FCB-BDE1-14E22541421B@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- On 5 Feb 2006, at 23:39, Robert A. Thompson wrote: > this is kind of a backwards requests, but I'm having trouble > configing a box that I want to take in the mail and scan/clean it, > but not send it on. In short I want mail to get stuck in the > mqueue folder. Reading through the list I find lots of people > with this problem, but they don't know why. I want the problem... Set Delivery Method = queue in MailScanner.conf and don't run any sendmail queue runners. On a Linux system you can achieve this by issuing these 3 commands service MailScanner stop service MailScanner startin check_MailScanner That won't run "startout" which is the queue runner. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.4 (Build 4042) iQEVAwUBQ+cP9vw32o+k+q+hAQG9+gf+PLZbxjUzb9JfRxbGiNYZdkMYQiESFS/G fcMr8zw98+54++DKXetgrAVvOsejfaCgwHyrJ73H3r1eETHLsqH9JptLmNLqP2zZ tx+GEbz/wKfw6BnSTkMeokb0lwR7/ua8PDdfEXg7hw4L8OIMrKIKjZ3EIHQRo3Mz T6FplcbFrdLwdvjUA2Wi2inLpSCsMuMSy5IvKFt82k/tzJNHu2UhUJHVmCnEuQ21 zTg01x/n/BnuEcOXwzzYh8LtqCchtKuO7pKUn2brLt4wAQcBaUjpDmB0Y5EZQQry Ym1LNxuWDTP+eUtJjy/Spe8wVN3XwV2AjcmzwQkU4ZsXR613Io1omg== =/NFw -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Mon Feb 6 09:21:55 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Feb 6 09:22:00 2006 Subject: New speed benchmark In-Reply-To: <43E4C0B9.4030905@ecs.soton.ac.uk> References: <443FEE3F-9EA1-46F7-88C8-A79D4FC67F24@ecs.soton.ac.uk> <625385e30602031538i12bcca4ao89307c037d002dc2@mail.gmail.com> <223f97700602040217t77e23cd6k@mail.gmail.com> <43E48F99.6090508@ecs.soton.ac.uk> <43E49A83.8030308@enitech.com.au> <43E49C13.70802@ecs.soton.ac.uk> <223f97700602040601o45bd5e3bi@mail.gmail.com> <43E4C0B9.4030905@ecs.soton.ac.uk> Message-ID: <223f97700602060121j39c88a75w@mail.gmail.com> On 04/02/06, Julian Field wrote: > Glenn Steen wrote: > > BTW, Jules ... Could you, pretty please, look at my post about typos > > in actions? Or has that area been covered extensively before? > > > A patch for Message.pm is attached. Apply the patch with > > cd /usr/lib/MailScanner/MailScanner > gunzip Message.pm.patch.gz > patch < Message.pm.patch > > then restart MailScanner. > > It logs the error message to syslog and then adds the "deliver" action > to whatever you have set, just for safety so that no message is dropped > because of your typo. > > Due to the the list of spam actions is now parsed, as it has arbitrary > strings (including possibly multiple spaces) for headers, and email > addresses in it, it is no longer just a list of possible words. So it > cannot be caught by --lint. > > So it can only be detected when it is called at run-time, hence the > extra safety measure of adding the "deliver" action. > > Let me know how you get on. > Applied to my 4.50.14, working perfectly (reintroduced the error, and it still delivered... And carped nicely in the error log). Thank you. Will this be in the next release? -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From wmcdonald at gmail.com Mon Feb 6 09:22:49 2006 From: wmcdonald at gmail.com (Will McDonald) Date: Mon Feb 6 09:22:51 2006 Subject: sendmail greet_pause feature In-Reply-To: <43E68DC6.7030803@nkpanama.com> References: <5EBABD62DC5AC048AD8AEC3312E02D4CCD2F5F@exchange03.lkl.ltkalmar.se> <023301c62719$f6c921c0$0600a8c0@roger> <20060201161203.M49950@smi.com.pe> <1f8fae340602020153i1a1b061h@mail.gmail.com> <43E42DE0.7010401@nkpanama.com> <625385e30602050220r2ca97e13te036b7584f36951e@mail.gmail.com> <43E68DC6.7030803@nkpanama.com> Message-ID: <1f8fae340602060122p610f010cp@mail.gmail.com> On 05/02/06, Alex Neuman van der Hans wrote: > What would be a reliable way to do it? IANAP, but there *should* be some > form of a test that could be done using the actual sendmail executable, or > some other testable function, right? What's involved? Maybe I can offer "the > idiot suggestion" - you know, when every possible logical way of doing > something has been tried, but then a complete idiot comes along and says > something so illogical, so crazy, that it "just might work"... It *has* > happened to me before, and it's taught me to always at least *consider* > "idiot suggestions". I assume it was done previously with a sendmail -bt -dsomething ? # sendmail -bt -d < /dev/null | grep Version Are there sendmail releases this doesn't work on or gives unreliable output? Will. From wmcdonald at gmail.com Mon Feb 6 09:26:24 2006 From: wmcdonald at gmail.com (Will McDonald) Date: Mon Feb 6 09:26:25 2006 Subject: sendmail greet_pause feature In-Reply-To: <1f8fae340602060122p610f010cp@mail.gmail.com> References: <5EBABD62DC5AC048AD8AEC3312E02D4CCD2F5F@exchange03.lkl.ltkalmar.se> <023301c62719$f6c921c0$0600a8c0@roger> <20060201161203.M49950@smi.com.pe> <1f8fae340602020153i1a1b061h@mail.gmail.com> <43E42DE0.7010401@nkpanama.com> <625385e30602050220r2ca97e13te036b7584f36951e@mail.gmail.com> <43E68DC6.7030803@nkpanama.com> <1f8fae340602060122p610f010cp@mail.gmail.com> Message-ID: <1f8fae340602060126y2e7c3512i@mail.gmail.com> On 06/02/06, Will McDonald wrote: > On 05/02/06, Alex Neuman van der Hans wrote: > > What would be a reliable way to do it? IANAP, but there *should* be some > > form of a test that could be done using the actual sendmail executable, or > > some other testable function, right? What's involved? Maybe I can offer "the > > idiot suggestion" - you know, when every possible logical way of doing > > something has been tried, but then a complete idiot comes along and says > > something so illogical, so crazy, that it "just might work"... It *has* > > happened to me before, and it's taught me to always at least *consider* > > "idiot suggestions". > > I assume it was done previously with a sendmail -bt -dsomething ? > > # sendmail -bt -d < /dev/null | grep Version > > Are there sendmail releases this doesn't work on or gives unreliable output? Futher Googling also turned up... echo '$v' | /usr/sbin/sendmail -bt Which returns just the version. Will. From MailScanner at ecs.soton.ac.uk Mon Feb 6 09:30:31 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Feb 6 09:30:42 2006 Subject: New speed benchmark In-Reply-To: <223f97700602060121j39c88a75w@mail.gmail.com> References: <443FEE3F-9EA1-46F7-88C8-A79D4FC67F24@ecs.soton.ac.uk> <625385e30602031538i12bcca4ao89307c037d002dc2@mail.gmail.com> <223f97700602040217t77e23cd6k@mail.gmail.com> <43E48F99.6090508@ecs.soton.ac.uk> <43E49A83.8030308@enitech.com.au> <43E49C13.70802@ecs.soton.ac.uk> <223f97700602040601o45bd5e3bi@mail.gmail.com> <43E4C0B9.4030905@ecs.soton.ac.uk> <223f97700602060121j39c88a75w@mail.gmail.com> Message-ID: <5211DE13-4070-4B77-8816-D6E0DC004CFF@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- On 6 Feb 2006, at 09:21, Glenn Steen wrote: > On 04/02/06, Julian Field wrote: >> Glenn Steen wrote: >>> BTW, Jules ... Could you, pretty please, look at my post about typos >>> in actions? Or has that area been covered extensively before? >>> >> A patch for Message.pm is attached. Apply the patch with >> >> cd /usr/lib/MailScanner/MailScanner >> gunzip Message.pm.patch.gz >> patch < Message.pm.patch >> >> then restart MailScanner. >> >> It logs the error message to syslog and then adds the "deliver" >> action >> to whatever you have set, just for safety so that no message is >> dropped >> because of your typo. >> >> Due to the the list of spam actions is now parsed, as it has >> arbitrary >> strings (including possibly multiple spaces) for headers, and email >> addresses in it, it is no longer just a list of possible words. So it >> cannot be caught by --lint. >> >> So it can only be detected when it is called at run-time, hence the >> extra safety measure of adding the "deliver" action. >> >> Let me know how you get on. >> > Applied to my 4.50.14, working perfectly (reintroduced the error, and > it still delivered... And carped nicely in the error log). > Thank you. > Will this be in the next release? Now you've confirmed it works, it will be in the next release. Thanks for testing it. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.4 (Build 4042) iQEVAwUBQ+cXOvw32o+k+q+hAQEHLwf+Iudmc/3CV6P5dYaljP6HmygI3F4ipk9E 31lol21/WIg0e1kx5YE8yGHq5rMCqGKvTjd4neaf8DOxn8ci7rFbXvSdkYRh0u/u b16brK8W4enZbqqjPqw0WbVN5xM08gIvG1kLoAN3A8jJvMUVHine4g9sXbt46IBW uC4L254oR9w3ILMafRKqvcv1s9DD/B9DVD3UwuyG5zJTrmqFYtFdio8tbN9HflIV ojzLm7A97Uhh9XjpB92PNzguxJdv7rSd83oFVQe5HEVpWX9FigKb4b2zsz0IWz/h 7/R6UKZhWA79jrL09w9TYvy9y1cWBsAck13lLkw41OMceA9VrDWZmQ== =5Jn/ -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From a.peacock at chime.ucl.ac.uk Mon Feb 6 09:42:07 2006 From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Mon Feb 6 09:42:13 2006 Subject: qf file left behind In-Reply-To: <43E4DE4E.9050201@ecs.soton.ac.uk> References: <1139068913.3230.113.camel@ra.thehouse.com> <43E4D61A.5080708@ecs.soton.ac.uk> <43E4DE4E.9050201@ecs.soton.ac.uk> Message-ID: <43E719EF.5060404@chime.ucl.ac.uk> Hi, Julian Field wrote: > > > Robert A. Thompson wrote: >>> My best guess would be the Lock Type setting. If you are on Linux >>> running >>> sendmail 8.12 or older, you need to set Lock Type = flock, as it will >>> use >>> posix by default with sendmail. This is a change to previous versions, >>> most of my users run 8.13 on Linux so the default is set for them so >>> it is >>> correct for most people. But yours may be wrong. >>> >> >> appears to be a good guess (Thanks Julian). I've started tweaking with >> the locking and so far so good. In our case, I set it to posix. We are >> running rhel4 with sendmail 8.13 and mailscanner 4.49 (fixing to go to >> 50). We hadn't set any settings on lock type, but setting to posix and >> restarting appears to be doing the trick. (still early though) >> > sendmail 8.13 on Linux is the classic one that always needs to be posix. > This has become the default in MailScanner 4.50. Has anyone installed MailScanner 4.50 on Solaris yet? Does the change in the default setting have an impact on Sendmail 8.13 and Solaris? Up to now I have not had to change the default setting of Lock Type. Will this combination work equally well with posix or flock settings, or will I need to force Lock Type to be flock when I upgrade? -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "The most exciting phrase to hear in science, the one that heralds new discoveries, is not 'Eureka!' but 'That's funny....'" -- Isaac Asimov From shuttlebox at gmail.com Mon Feb 6 09:51:49 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Mon Feb 6 09:51:53 2006 Subject: sendmail greet_pause feature In-Reply-To: <1f8fae340602060126y2e7c3512i@mail.gmail.com> References: <5EBABD62DC5AC048AD8AEC3312E02D4CCD2F5F@exchange03.lkl.ltkalmar.se> <20060201161203.M49950@smi.com.pe> <1f8fae340602020153i1a1b061h@mail.gmail.com> <43E42DE0.7010401@nkpanama.com> <625385e30602050220r2ca97e13te036b7584f36951e@mail.gmail.com> <43E68DC6.7030803@nkpanama.com> <1f8fae340602060122p610f010cp@mail.gmail.com> <1f8fae340602060126y2e7c3512i@mail.gmail.com> Message-ID: <625385e30602060151o2ce2bcd6rc85fddd4bc6643f@mail.gmail.com> On 2/6/06, Will McDonald wrote: > > > I assume it was done previously with a sendmail -bt -dsomething ? > > > > # sendmail -bt -d < /dev/null | grep Version > > > > Are there sendmail releases this doesn't work on or gives unreliable > output? > > Futher Googling also turned up... > > echo '$v' | /usr/sbin/sendmail -bt > > Which returns just the version. > Knowing the version is not the problem. If I remember correctly something like below was used: # /usr/lib/sendmail -bt -d < /dev/null | grep FLOCK Still it did not produce reliable results and people started to have locking issues so Julian removed it. If you're interested in the details it should be in mailing lists archive and also noted in Julian's change log a while back. -- /peter -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060206/1bcee274/attachment.html From shuttlebox at gmail.com Mon Feb 6 09:57:58 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Mon Feb 6 09:58:01 2006 Subject: qf file left behind In-Reply-To: <43E719EF.5060404@chime.ucl.ac.uk> References: <1139068913.3230.113.camel@ra.thehouse.com> <43E4D61A.5080708@ecs.soton.ac.uk> <43E4DE4E.9050201@ecs.soton.ac.uk> <43E719EF.5060404@chime.ucl.ac.uk> Message-ID: <625385e30602060157r60412b33g503703820584f54c@mail.gmail.com> On 2/6/06, Anthony Peacock wrote: > > Has anyone installed MailScanner 4.50 on Solaris yet? > > Does the change in the default setting have an impact on Sendmail 8.13 > and Solaris? > > Up to now I have not had to change the default setting of Lock Type. > > Will this combination work equally well with posix or flock settings, or > will I need to force Lock Type to be flock when I upgrade? > I assume that as with other config options the lock type will stay set as flock if you had that before. Just check it before you start up again if you're not sure. -- /peter -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060206/82d8492d/attachment.html From a.peacock at chime.ucl.ac.uk Mon Feb 6 10:02:43 2006 From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Mon Feb 6 10:02:51 2006 Subject: qf file left behind In-Reply-To: <625385e30602060157r60412b33g503703820584f54c@mail.gmail.com> References: <1139068913.3230.113.camel@ra.thehouse.com> <43E4D61A.5080708@ecs.soton.ac.uk> <43E4DE4E.9050201@ecs.soton.ac.uk> <43E719EF.5060404@chime.ucl.ac.uk> <625385e30602060157r60412b33g503703820584f54c@mail.gmail.com> Message-ID: <43E71EC3.9060201@chime.ucl.ac.uk> Hi Peter, shuttlebox wrote: > On 2/6/06, *Anthony Peacock* > wrote: > > Has anyone installed MailScanner 4.50 on Solaris yet? > > Does the change in the default setting have an impact on Sendmail 8.13 > and Solaris? > > Up to now I have not had to change the default setting of Lock Type. > > Will this combination work equally well with posix or flock settings, or > will I need to force Lock Type to be flock when I upgrade? > > > I assume that as with other config options the lock type will stay set > as flock if you had that before. Just check it before you start up again > if you're not sure. Thanks for the response. I have never had to set the Lock Type setting, that is why I am asking. It was always empty and took the default. Logically, I am assuming that I will now need to set it to flock. I just wanted to see if that assumption is correct. -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "The most exciting phrase to hear in science, the one that heralds new discoveries, is not 'Eureka!' but 'That's funny....'" -- Isaac Asimov From shuttlebox at gmail.com Mon Feb 6 10:24:35 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Mon Feb 6 10:24:38 2006 Subject: qf file left behind In-Reply-To: <43E71EC3.9060201@chime.ucl.ac.uk> References: <1139068913.3230.113.camel@ra.thehouse.com> <43E4D61A.5080708@ecs.soton.ac.uk> <43E4DE4E.9050201@ecs.soton.ac.uk> <43E719EF.5060404@chime.ucl.ac.uk> <625385e30602060157r60412b33g503703820584f54c@mail.gmail.com> <43E71EC3.9060201@chime.ucl.ac.uk> Message-ID: <625385e30602060224n62e9ba20p88cbdf41935acd3c@mail.gmail.com> On 2/6/06, Anthony Peacock wrote: > > Thanks for the response. I have never had to set the Lock Type setting, > that is why I am asking. It was always empty and took the default. > > Logically, I am assuming that I will now need to set it to flock. > > I just wanted to see if that assumption is correct. > You're right, it's empty by default. Then I guess you have to set it to flock with the current release. At least I will do that myself. -- /peter -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060206/0a99d6dc/attachment.html From glenn.steen at gmail.com Mon Feb 6 10:50:06 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Feb 6 10:50:10 2006 Subject: We need to do some cleanup in the wiki... Message-ID: <223f97700602060250y34bea22ak@mail.gmail.com> I've been meaning to do this for a while, but have simply lacked the time:). I just did a search in the wiki for "spam.assassin.prefs.conf" ... a lot of hits for things like "sa-learn -p /path/to/spam.assassin.prefs.conf ...". Since version 4.48.4-2 this shouldn't be needed, so we need make some fairly obvious changes to these examples in the wiki... Perhaps not blithely remove the lines, but complement them with something like "After version 4.48.4-2 this file is included as a site rule file (mailscanner.cf), which will be read automatically by all calls to SA. Don't include it as a user prefs file in this case: ....". If I get a little more free time, I could do such changes, but best would be if everyone that feel they are .... responsible ... for a certain page do the relevant changes. There might be other notable things that should be reflected in the wiki too... The switch of default locking method come to mind:-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From MailScanner at ecs.soton.ac.uk Mon Feb 6 11:18:18 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Feb 6 11:18:31 2006 Subject: We need to do some cleanup in the wiki... In-Reply-To: <223f97700602060250y34bea22ak@mail.gmail.com> References: <223f97700602060250y34bea22ak@mail.gmail.com> Message-ID: <814A6FA0-5B3B-4E93-BA55-DBC23252D998@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- On 6 Feb 2006, at 10:50, Glenn Steen wrote: > If I get a little more free time, I could do such changes, but best > would be if everyone that feel they are .... responsible ... for a > certain page do the relevant changes. I would be very grateful if people could keep the wiki up to date. A big problem with wikis is the information in them becoming stale. One major thing that needs (re)-writing is a Solaris installation guide. The current one (which I wrote a long time ago) is totally out of date and useless. I might well just remove it completely. I have someone doing a Solaris install at the moment, and being a newbie to Solaris he is hitting every problem in the book. So hopefully his writeup will be useful to other Solaris users. > > There might be other notable things that should be reflected in the > wiki too... The switch of default locking method come to mind:-). Yes, sorry I had to do that. But the vast majority of new MailScanner users are running sendmail 8.13 on Linux. So I had no option but to set the default to posix, or else all the inexperienced users out there would have to know to change an "Advanced" setting. A large proportion of my new users are hobbyist web hosting setups, where they have a web server at an ISP and provide net services for friends and a few local businesses. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.4 (Build 4042) iQEVAwUBQ+cwffw32o+k+q+hAQG2Qgf9HRya3LsTGnB56lyalQePgczIq0mF7Sh9 gg/yLL59cW1O5xjRuycf+OsgjOUZQYWswNCFhejiubm4iib89s2QW7rfJVoG9Q71 xIiqhn3h4Es0F1Hi1Ga5izAhewf79ra3xPT2RBb9OZmkxZUn/N4I/pTPCJGSsDbq F5hoYQGLUdvL+2MrAy6ZXAJ5dn+eXLzutBXK6ps9cFI8avIaHeFWfPunY+jwmslr kuw9Axwvfq5Y9WtIOffJ/QxQyaUisZs3K6rVGmq9HqnTKXxp+S5eo2AOrLDxI+Tm NI024fYeX/VLWJGC4wHdd0zVvFi59y/aLiBYRMGcb5C8vV9e11Fi2Q== =WJeZ -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Peter.Bates at lshtm.ac.uk Mon Feb 6 11:22:05 2006 From: Peter.Bates at lshtm.ac.uk (Peter Bates) Date: Mon Feb 6 11:22:26 2006 Subject: A cautionary tale of Sophos and MS In-Reply-To: <223f97700602060250y34bea22ak@mail.gmail.com> References: <223f97700602060250y34bea22ak@mail.gmail.com> Message-ID: <43E7315D0200007600002DE6@193.63.251.15> Hello all... I arrived in this morning to assorted clamouring about a lack of external email. Looking closer, I could see that after the autoupdate of Sophos on Saturday night just after midnight, the version was 'out of date' so started throwing: Feb 4 00:08:03 postbox MailScanner[11382]: SophosSAVI::ERROR:: The main body of virus data is out of date (542):: ./AE3CA13F8E4.6C3F0/msg-11382-11.txt End result was all our external (in/out) email over the weekend has disappeared into the great bitbucket in the sky as this was then tagged as a 'Silent virus' and not quarantined. Entirely my fault for not updating Sophos for a couple of months, but might be something worth considering to include in 'Allowed Sophos Error Messages' if you're a Sophos user... that or still quarantine silent viruses and clear the quarantine out from time to time. Funny how these things catch you, even with 3 other AV engines! ---------------------------------------------------------------------------------------------------> Peter Bates, Systems Support Officer, IT Services. London School of Hygiene & Tropical Medicine. Telephone:0207-958 8353 / Fax: 0207- 636 9838 From ramprasad at netcore.co.in Mon Feb 6 11:36:27 2006 From: ramprasad at netcore.co.in (Ramprasad) Date: Mon Feb 6 11:39:38 2006 Subject: New speed benchmark In-Reply-To: <456CF431-DE8D-45DC-8E63-FD04864BB95C@ecs.soton.ac.uk> References: <443FEE3F-9EA1-46F7-88C8-A79D4FC67F24@ecs.soton.ac.uk> <1A926F82-A002-4985-854C-8FD97EA99898@ecs.soton.ac.uk> <43E22B7B.3000809@pixelhammer.com> <456CF431-DE8D-45DC-8E63-FD04864BB95C@ecs.soton.ac.uk> Message-ID: <1139225787.11907.19.camel@darkstar.netcore.co.in> On Fri, 2006-02-03 at 11:06 +0000, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > > On 3 Feb 2006, at 10:36, Res wrote: > > > On Thu, 2 Feb 2006, DAve wrote: > > > >> Julian Field wrote: > >>> -----BEGIN PGP SIGNED MESSAGE----- > >>> I forgot to add the MTA is sendmail > >>> On 2 Feb 2006, at 14:59, Julian Field wrote: > >>>> > Old Signed: 02/02/06 at 14:59:40 > >>>> I have just done a speed test. > >>>> Hardware: dual Opteron, 4Gb RAM, SCSI disk. > >>>> Software: RHEL4, MailScanner 4.50, SpamAssassin, DCC, Razor, > >>>> clamavmodule > >>>> MailScanner setup: default > >>>> Speed: 770,000 messages per day > >> > >> What happens at 780,000 messages a day? > >> > > > > and at what loads > > Maintained about 10 which is what I would expect. And do you have any statistics on what was the average mailq What was the average time a message would remain in queue waiting to be picked up by mailscanner Thanks Ram From MailScanner at ecs.soton.ac.uk Mon Feb 6 11:40:06 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Feb 6 11:40:17 2006 Subject: A cautionary tale of Sophos and MS In-Reply-To: <43E7315D0200007600002DE6@193.63.251.15> References: <223f97700602060250y34bea22ak@mail.gmail.com> <43E7315D0200007600002DE6@193.63.251.15> Message-ID: <4B38775C-8CAB-499E-8709-8D59F4755FD4@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- On 6 Feb 2006, at 11:22, Peter Bates wrote: > > Hello all... > > I arrived in this morning to assorted clamouring about > a lack of external email. > > Looking closer, I could see that after the autoupdate of Sophos > on Saturday night just after midnight, the version was 'out of date' > so started throwing: > > Feb 4 00:08:03 postbox MailScanner[11382]: SophosSAVI::ERROR:: The > main body of virus data is out of date (542):: > ./AE3CA13F8E4.6C3F0/msg-11382-11.txt > > End result was all our external (in/out) email over the weekend has > disappeared into the great bitbucket in the sky as this was then > tagged > as a 'Silent virus' and not quarantined. > > Entirely my fault for not updating Sophos for a couple of months, but > might be something worth considering to include in 'Allowed Sophos > Error > Messages' if you're a Sophos user... that or still quarantine silent > viruses and clear the quarantine out from time to time. Eek! Sorry that happened. I have added that text to the list I supply in the sample line just above the real line. Do you think I should make the default setting this: Allowed Sophos Error Messages = "corrupt", "format not supported", "File was encrypted", "The main body of virus data is out of date" Any there that shouldn't be there by default? Your thoughts please... - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.4 (Build 4042) iQEVAwUBQ+c1m/w32o+k+q+hAQHW4Af/SH6g8rlzZSvNhs50rSqAx2vPukX1S/Ma 9CC/kxAy4FiWildo15BS4ZQ/xpDU/8EwM67HuwPyXdxB2TjEYZC7lLAByIMhrzcU pmz9Tzpr6TxXsfaGa+Id8E5mcHPe6g+NjddGCkrDl8c+/ZnXou14kVsYv4UpYwsK 1BcnbtgjfI6H85lU2h6UUHOwEnvY1NZSxJQtUXhgQgIA8Vdm5cnkJZNK7XpV5hh/ gMqx+WF4fpd+TMOPfROoFyiZJ7FFsIGx1GyjOx9yyuYnPDZ9DbwUybitIZ8KcbZZ gnRqSUma/d+jX7iXXIq/gFLa7F+15bcpodYYeCJX7wPWSQpKBzd9ag== =WZ43 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From C.P.Mills at cranfield.ac.uk Mon Feb 6 12:21:12 2006 From: C.P.Mills at cranfield.ac.uk (Mills Mr C P) Date: Mon Feb 6 12:22:33 2006 Subject: A cautionary tale of Sophos and MS Message-ID: <8612FDC208266E419168366E1D2E3B797B0FEB@CranfieldMail.shrivenham.cranfield.ac.uk> I would block password protected by default. If password protected files can not be scanned, they should not be allowed through automatically. Didn't netsky (or was it sobig?) use a password protected zip with the password in the body of the message to get around exactly this? Surely it won't take long for virus writers to realise they can just create password protected word files with dodgy macros in? Perhaps a setting which defines seperatly what to do with password protected files (including zips, word docs, excel spreads etc) would be helpful. Personally, I would like to dump or quarantine them on the grounds I cannot be sure they are clean. Or how about a generalised "Do something when virus result = regexp" type tag which would allow people to define their own rules for "corrupt", "password protected" etc? Talking of which, I asked a question last week which no one seems to have come up with a suggestion for. I want to dump all silent viruses, but quarantine and notify about password protected files which could not be scanned. Anyone have any ideas how? Regards Chris Mills, Cranfield University. -- Christopher P. Mills ? Cranfield University Shrivenham Campus Defence College of Management and Technology Defence Academy of the United Kingdom, Shrivenham, Swindon SN6 8LA Tel: +44 (0)1793 785 633 Fax: +44 (0)1793 785 903 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Julian Field > Sent: 06 February 2006 11:40 > To: MailScanner discussion > Subject: Re: A cautionary tale of Sophos and MS > > -----BEGIN PGP SIGNED MESSAGE----- > > On 6 Feb 2006, at 11:22, Peter Bates wrote: > > > > Hello all... > > > > I arrived in this morning to assorted clamouring about a lack of > > external email. > > > > Looking closer, I could see that after the autoupdate of Sophos on > > Saturday night just after midnight, the version was 'out of date' > > so started throwing: > > > > Feb 4 00:08:03 postbox MailScanner[11382]: SophosSAVI::ERROR:: The > > main body of virus data is out of date (542):: > > ./AE3CA13F8E4.6C3F0/msg-11382-11.txt > > > > End result was all our external (in/out) email over the weekend has > > disappeared into the great bitbucket in the sky as this was then > > tagged as a 'Silent virus' and not quarantined. > > > > Entirely my fault for not updating Sophos for a couple of > months, but > > might be something worth considering to include in 'Allowed Sophos > > Error Messages' if you're a Sophos user... that or still quarantine > > silent viruses and clear the quarantine out from time to time. > > Eek! Sorry that happened. I have added that text to the list > I supply in the sample line just above the real line. > Do you think I should make the default setting this: > > Allowed Sophos Error Messages = "corrupt", "format not > supported", "File was encrypted", "The main body of virus > data is out of date" > > Any there that shouldn't be there by default? > Your thoughts please... > > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store PGP > footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.4 (Build 4042) > > iQEVAwUBQ+c1m/w32o+k+q+hAQHW4Af/SH6g8rlzZSvNhs50rSqAx2vPukX1S/Ma > 9CC/kxAy4FiWildo15BS4ZQ/xpDU/8EwM67HuwPyXdxB2TjEYZC7lLAByIMhrzcU > pmz9Tzpr6TxXsfaGa+Id8E5mcHPe6g+NjddGCkrDl8c+/ZnXou14kVsYv4UpYwsK > 1BcnbtgjfI6H85lU2h6UUHOwEnvY1NZSxJQtUXhgQgIA8Vdm5cnkJZNK7XpV5hh/ > gMqx+WF4fpd+TMOPfROoFyiZJ7FFsIGx1GyjOx9yyuYnPDZ9DbwUybitIZ8KcbZZ > gnRqSUma/d+jX7iXXIq/gFLa7F+15bcpodYYeCJX7wPWSQpKBzd9ag== > =WZ43 > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3094 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060206/b4243044/smime.bin From shuttlebox at gmail.com Mon Feb 6 12:47:18 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Mon Feb 6 12:47:21 2006 Subject: We need to do some cleanup in the wiki... In-Reply-To: <814A6FA0-5B3B-4E93-BA55-DBC23252D998@ecs.soton.ac.uk> References: <223f97700602060250y34bea22ak@mail.gmail.com> <814A6FA0-5B3B-4E93-BA55-DBC23252D998@ecs.soton.ac.uk> Message-ID: <625385e30602060447p1bb30e7cy51b09626ef9a26b3@mail.gmail.com> On 2/6/06, Julian Field wrote: > > One major thing that needs (re)-writing is a Solaris installation > guide. The current one (which I wrote a long time ago) is totally out > of date and useless. I might well just remove it completely. I have > someone doing a Solaris install at the moment, and being a newbie to > Solaris he is hitting every problem in the book. So hopefully his > writeup will be useful to other Solaris users. > A Solaris newbie or a Unix newbie? Isn't the install documents for Solaris and the tar distribution still current? I use them on current systems with no problems. I am however getting involved with Blastwave about adding MailScanner to their excellent collection of super-easy (apt style) to install packages. They already have everything else like all needed Perl modules, Sendmail, SpamAssassin, Clam and DCC. They are always quick to release new versions as well. If I could get MailScanner in there it would be very easy for a newbie to install it (pkg-get -i mailscanner). As for most us though, time is not an unlimited resource. :-( -- /peter -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060206/9724ba06/attachment.html From nerijus at users.sourceforge.net Mon Feb 6 13:14:03 2006 From: nerijus at users.sourceforge.net (Nerijus Baliunas) Date: Mon Feb 6 13:14:26 2006 Subject: A cautionary tale of Sophos and MS In-Reply-To: <8612FDC208266E419168366E1D2E3B797B0FEB@CranfieldMail.shrivenham.cranfield.ac.uk> References: <8612FDC208266E419168366E1D2E3B797B0FEB@CranfieldMail.shrivenham.cranfield.ac.uk> Message-ID: <20060206131403.F3FC6BB49@mx.dtiltas.lt> On Mon, 6 Feb 2006 12:21:12 -0000 Mills Mr C P wrote: > I would block password protected by default. There is a special MailScanner setting for this, so there is no need to let Sophos block them (as it will not honour MailScanner setting in such case). Regards, Nerijus From campbell at cnpapers.com Mon Feb 6 14:05:31 2006 From: campbell at cnpapers.com (Steve Campbell) Date: Mon Feb 6 14:05:43 2006 Subject: MailScanner lint errors? References: <43E650E2.7050805@rogers.com> <43E65582.6040709@ecs.soton.ac.uk> <43E65C25.7000809@rogers.com> Message-ID: <00ac01c62b26$647293e0$0705000a@DDF5DW71> Julian, I'm seeing the same with respect to the PID file. My conf file points to /var/run/ and the file does exist. I'm also seeing the dual restart problem, where I am required to start MS twice if I stop it. I alway need to 'killall sendmail', but this doesn't cause the need to start MS twice. There are no sendmail processes running before I start MS. There are no log errors, it just doesn't start. I just thought I would mention this off-thread part in case it might have something to do with the PID problem. MS 4.50-15 MailWatch 1.0.3 SA 3.10 (or whatever was the latest as of last week) Tao Linux 1.0 Update 6 Thanks. Steve Campbell campbell@cnpapers.com Charleston Newspapers ----- Original Message ----- From: "Gerry Doris" To: "MailScanner discussion" Sent: Sunday, February 05, 2006 3:12 PM Subject: Re: MailScanner lint errors? > Julian Field wrote: >> I strongly suspect that none are relevant, apart from the Cannot write >> pid file error. Check this is set to something in your MailScanner.conf >> file. > > I checked MailScanner.conf and the MailScanner PID is set to > /var/run/MailScanner.pid The file is really there and is being used. > > Like I said, there are no errors in any logs and mail is being sent and > received. It was working but I can't remember the last time I tried it. > > I'm using the latest MailWatch. Would that be confusing the MailScanner > lint operation? > > >> >> Gerry Doris wrote: >> >>> I've started seeing errors after running MailScanner --lint which I >>> haven't seen before. >>> >>> I was running 4.50.10 and decided to upgrade to 4.50.15 today. >>> Everything went well and MailScanner is working properly. I see no >>> errors in any of the logs. Mail is being accepted and delivered. >>> >>> MailScanner -v runs without errors but when I run MailScanner --lint I >>> get the following: >>> >>> [root@tiger MailScanner]# MailScanner --lint >>> Read 701 hostnames from the phishing whitelist >>> Config: calling custom init function SQLBlacklist >>> Config: calling custom init function MailWatchLogging >>> Config: calling custom init function SQLWhitelist >>> Cannot write pid file , No such file or directory at >>> /usr/sbin/MailScanner line 1238 >>> Checking for SpamAssassin errors (if you use it)... >>> Using SpamAssassin results cache >>> Connected to SpamAssassin cache database >>> SpamAssassin reported no errors. >>> >>> MailScanner.conf says "Virus Scanners = clamavmodule f-prot trend >>> bitdefender" >>> >>> Use of uninitialized value in split at >>> /usr/lib/MailScanner/MailScanner/SweepViruses.pm line 2879. >>> Use of uninitialized value in concatenation (.) or string at >>> /usr/lib/MailScanner/MailScanner/SweepViruses.pm line 2880. >>> Use of uninitialized value in concatenation (.) or string at >>> /usr/lib/MailScanner/MailScanner/SweepViruses.pm line 2880. >>> Can't exec "-IsItInstalled": No such file or directory at >>> /usr/lib/MailScanner/MailScanner/SweepViruses.pm line 2882. >>> ...snip >>> the above is repeated 5 more times >>> ...snip >>> >>> Found these virus scanners installed: bitdefender, f-prot, clamavmodule, >>> trend >> >> > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Feb 6 14:13:19 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Feb 6 14:13:30 2006 Subject: MailScanner lint errors? In-Reply-To: <00ac01c62b26$647293e0$0705000a@DDF5DW71> References: <43E650E2.7050805@rogers.com> <43E65582.6040709@ecs.soton.ac.uk> <43E65C25.7000809@rogers.com> <00ac01c62b26$647293e0$0705000a@DDF5DW71> Message-ID: <41671272-FEDB-4164-A786-3FA2418554D1@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- On 6 Feb 2006, at 14:05, Steve Campbell wrote: > Julian, > > I'm seeing the same with respect to the PID file. My conf file > points to /var/run/ and the file does exist. I'll take a look at this problem. What are your "Run As User" and "Run As Group" set to? > I'm also seeing the dual restart problem, where I am required to > start MS twice if I stop it. I alway need to 'killall sendmail', > but this doesn't cause the need to start MS twice. There are no > sendmail processes running before I start MS. There are no log > errors, it just doesn't start. I just thought I would mention this > off-thread part in case it might have something to do with the PID > problem. Most likely cause is not waiting long enough between stopping and starting. If there are any MailScanner processes still clearing up, then it won't start. Just restarting it again will extend the delay. > > MS 4.50-15 > MailWatch 1.0.3 > SA 3.10 (or whatever was the latest as of last week) > Tao Linux 1.0 Update 6 > > Thanks. > > Steve Campbell > campbell@cnpapers.com > Charleston Newspapers > > > > ----- Original Message ----- From: "Gerry Doris" > To: "MailScanner discussion" > Sent: Sunday, February 05, 2006 3:12 PM > Subject: Re: MailScanner lint errors? > > >> Julian Field wrote: >>> I strongly suspect that none are relevant, apart from the Cannot >>> write pid file error. Check this is set to something in your >>> MailScanner.conf file. >> >> I checked MailScanner.conf and the MailScanner PID is set to /var/ >> run/MailScanner.pid The file is really there and is being used. >> >> Like I said, there are no errors in any logs and mail is being >> sent and received. It was working but I can't remember the last >> time I tried it. >> >> I'm using the latest MailWatch. Would that be confusing the >> MailScanner lint operation? >> >> >>> >>> Gerry Doris wrote: >>> >>>> I've started seeing errors after running MailScanner --lint >>>> which I haven't seen before. >>>> >>>> I was running 4.50.10 and decided to upgrade to 4.50.15 today. >>>> Everything went well and MailScanner is working properly. I see >>>> no errors in any of the logs. Mail is being accepted and >>>> delivered. >>>> >>>> MailScanner -v runs without errors but when I run MailScanner -- >>>> lint I get the following: >>>> >>>> [root@tiger MailScanner]# MailScanner --lint >>>> Read 701 hostnames from the phishing whitelist >>>> Config: calling custom init function SQLBlacklist >>>> Config: calling custom init function MailWatchLogging >>>> Config: calling custom init function SQLWhitelist >>>> Cannot write pid file , No such file or directory at /usr/sbin/ >>>> MailScanner line 1238 >>>> Checking for SpamAssassin errors (if you use it)... >>>> Using SpamAssassin results cache >>>> Connected to SpamAssassin cache database >>>> SpamAssassin reported no errors. >>>> >>>> MailScanner.conf says "Virus Scanners = clamavmodule f-prot >>>> trend bitdefender" >>>> >>>> Use of uninitialized value in split at /usr/lib/MailScanner/ >>>> MailScanner/SweepViruses.pm line 2879. >>>> Use of uninitialized value in concatenation (.) or string at / >>>> usr/lib/MailScanner/MailScanner/SweepViruses.pm line 2880. >>>> Use of uninitialized value in concatenation (.) or string at / >>>> usr/lib/MailScanner/MailScanner/SweepViruses.pm line 2880. >>>> Can't exec "-IsItInstalled": No such file or directory at /usr/ >>>> lib/MailScanner/MailScanner/SweepViruses.pm line 2882. >>>> ...snip >>>> the above is repeated 5 more times >>>> ...snip >>>> >>>> Found these virus scanners installed: bitdefender, f-prot, >>>> clamavmodule, trend >>> >>> >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.4 (Build 4042) iQEVAwUBQ+dZgvw32o+k+q+hAQG61AgAmQhhlnMY2x1Ze2Sxm4bXrwuLancKv54G leY3Aj+Ac/AJVdkqGGHUGSRb6f0xn0YD/XTvJY6lcISunvKF7ofukk4KgKoHyEgJ R0HSwASUqal52vcYBsJwfRf5ppx9ytaX5vfqyfJieqg+CpD2X8TAcEa+Rqu7V7ZP 7oOBU+RMsdzMJeh8qlxX8ivpEQnd5EEeQOAaMEKmUYqm/tePystfvRQCo9sQjthU wEcpp9+mpRGKTR8lzvXEQ1SZApThNhZ+PQxPGBLUQee3GhqFd4dzAEFpcJ6xINYc 6QcfT2Zg5fZsmI9Gs+jD7RXCShLgI/8+YbE9L/Ogfg+6crMQbK15Kg== =0kyC -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From campbell at cnpapers.com Mon Feb 6 14:33:10 2006 From: campbell at cnpapers.com (Steve Campbell) Date: Mon Feb 6 14:33:29 2006 Subject: MailScanner lint errors? References: <43E650E2.7050805@rogers.com> <43E65582.6040709@ecs.soton.ac.uk><43E65C25.7000809@rogers.com><00ac01c62b26$647293e0$0705000a@DDF5DW71> <41671272-FEDB-4164-A786-3FA2418554D1@ecs.soton.ac.uk> Message-ID: <019601c62b2a$421e2350$0705000a@DDF5DW71> Julian, ----- Original Message ----- From: "Julian Field" To: "MailScanner discussion" Sent: Monday, February 06, 2006 9:13 AM Subject: Re: MailScanner lint errors? > -----BEGIN PGP SIGNED MESSAGE----- > > > On 6 Feb 2006, at 14:05, Steve Campbell wrote: > >> Julian, >> >> I'm seeing the same with respect to the PID file. My conf file >> points to /var/run/ and the file does exist. > > I'll take a look at this problem. What are your "Run As User" and > "Run As Group" set to? > These are set to , nothing. The PID file is owned by root.root. This does not seem to affect anything and MS runs with the error. >> I'm also seeing the dual restart problem, where I am required to >> start MS twice if I stop it. I alway need to 'killall sendmail', >> but this doesn't cause the need to start MS twice. There are no >> sendmail processes running before I start MS. There are no log >> errors, it just doesn't start. I just thought I would mention this >> off-thread part in case it might have something to do with the PID >> problem. > > Most likely cause is not waiting long enough between stopping and > starting. If there are any MailScanner processes still clearing up, > then it won't start. > Just restarting it again will extend the delay. I'll check the MailScanner processes before the next manual restarts. Thanks again. (I can never say that enough to you, Mr. Field) Steve Campbell campbell@cnpapers.com Charleston Newspapers > >> >> MS 4.50-15 >> MailWatch 1.0.3 >> SA 3.10 (or whatever was the latest as of last week) >> Tao Linux 1.0 Update 6 >> >> Thanks. >> >> Steve Campbell >> campbell@cnpapers.com >> Charleston Newspapers >> >> >> >> ----- Original Message ----- From: "Gerry Doris" >> To: "MailScanner discussion" >> Sent: Sunday, February 05, 2006 3:12 PM >> Subject: Re: MailScanner lint errors? >> >> >>> Julian Field wrote: >>>> I strongly suspect that none are relevant, apart from the Cannot >>>> write pid file error. Check this is set to something in your >>>> MailScanner.conf file. >>> >>> I checked MailScanner.conf and the MailScanner PID is set to /var/ >>> run/MailScanner.pid The file is really there and is being used. >>> >>> Like I said, there are no errors in any logs and mail is being >>> sent and received. It was working but I can't remember the last >>> time I tried it. >>> >>> I'm using the latest MailWatch. Would that be confusing the >>> MailScanner lint operation? >>> >>> >>>> >>>> Gerry Doris wrote: >>>> >>>>> I've started seeing errors after running MailScanner --lint >>>>> which I haven't seen before. >>>>> >>>>> I was running 4.50.10 and decided to upgrade to 4.50.15 today. >>>>> Everything went well and MailScanner is working properly. I see >>>>> no errors in any of the logs. Mail is being accepted and >>>>> delivered. >>>>> >>>>> MailScanner -v runs without errors but when I run MailScanner -- >>>>> lint I get the following: >>>>> >>>>> [root@tiger MailScanner]# MailScanner --lint >>>>> Read 701 hostnames from the phishing whitelist >>>>> Config: calling custom init function SQLBlacklist >>>>> Config: calling custom init function MailWatchLogging >>>>> Config: calling custom init function SQLWhitelist >>>>> Cannot write pid file , No such file or directory at /usr/sbin/ >>>>> MailScanner line 1238 >>>>> Checking for SpamAssassin errors (if you use it)... >>>>> Using SpamAssassin results cache >>>>> Connected to SpamAssassin cache database >>>>> SpamAssassin reported no errors. >>>>> >>>>> MailScanner.conf says "Virus Scanners = clamavmodule f-prot >>>>> trend bitdefender" >>>>> >>>>> Use of uninitialized value in split at /usr/lib/MailScanner/ >>>>> MailScanner/SweepViruses.pm line 2879. >>>>> Use of uninitialized value in concatenation (.) or string at / >>>>> usr/lib/MailScanner/MailScanner/SweepViruses.pm line 2880. >>>>> Use of uninitialized value in concatenation (.) or string at / >>>>> usr/lib/MailScanner/MailScanner/SweepViruses.pm line 2880. >>>>> Can't exec "-IsItInstalled": No such file or directory at /usr/ >>>>> lib/MailScanner/MailScanner/SweepViruses.pm line 2882. >>>>> ...snip >>>>> the above is repeated 5 more times >>>>> ...snip >>>>> >>>>> Found these virus scanners installed: bitdefender, f-prot, >>>>> clamavmodule, trend >>>> >>>> >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >> >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.4 (Build 4042) > > iQEVAwUBQ+dZgvw32o+k+q+hAQG61AgAmQhhlnMY2x1Ze2Sxm4bXrwuLancKv54G > leY3Aj+Ac/AJVdkqGGHUGSRb6f0xn0YD/XTvJY6lcISunvKF7ofukk4KgKoHyEgJ > R0HSwASUqal52vcYBsJwfRf5ppx9ytaX5vfqyfJieqg+CpD2X8TAcEa+Rqu7V7ZP > 7oOBU+RMsdzMJeh8qlxX8ivpEQnd5EEeQOAaMEKmUYqm/tePystfvRQCo9sQjthU > wEcpp9+mpRGKTR8lzvXEQ1SZApThNhZ+PQxPGBLUQee3GhqFd4dzAEFpcJ6xINYc > 6QcfT2Zg5fZsmI9Gs+jD7RXCShLgI/8+YbE9L/Ogfg+6crMQbK15Kg== > =0kyC > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From MailScanner at ecs.soton.ac.uk Mon Feb 6 14:42:44 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Feb 6 14:43:02 2006 Subject: MailScanner lint errors? In-Reply-To: <019601c62b2a$421e2350$0705000a@DDF5DW71> References: <43E650E2.7050805@rogers.com> <43E65582.6040709@ecs.soton.ac.uk><43E65C25.7000809@rogers.com><00ac01c62b26$647293e0$0705000a@DDF5DW71> <41671272-FEDB-4164-A786-3FA2418554D1@ecs.soton.ac.uk> <019601c62b2a$421e2350$0705000a@DDF5DW71> Message-ID: Skipped content of type multipart/mixed-------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 487 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060206/11a38352/PGP.bin From campbell at cnpapers.com Mon Feb 6 15:05:46 2006 From: campbell at cnpapers.com (Steve Campbell) Date: Mon Feb 6 15:05:58 2006 Subject: MailScanner lint errors? References: <43E650E2.7050805@rogers.com><43E65582.6040709@ecs.soton.ac.uk><43E65C25.7000809@rogers.com><00ac01c62b26$647293e0$0705000a@DDF5DW71><41671272-FEDB-4164-A786-3FA2418554D1@ecs.soton.ac.uk><019601c62b2a$421e2350$0705000a@DDF5DW71> Message-ID: <00f801c62b2e$cf231270$0705000a@DDF5DW71> How do I apply this? I can't seem to uncompress it. Do I just cd /usr/sbin/ and run patch -p0 < MailScanner.patch once this is uncompressed? Thanks Steve ----- Original Message ----- From: "Julian Field" To: "MailScanner discussion" Sent: Monday, February 06, 2006 9:42 AM Subject: Re: MailScanner lint errors? Please apply this patch to /usr/sbin/MailScanner and then try it again. -------------------------------------------------------------------------------- On 6 Feb 2006, at 14:33, Steve Campbell wrote: > Julian, > > ----- Original Message ----- From: "Julian Field" > > To: "MailScanner discussion" > Sent: Monday, February 06, 2006 9:13 AM > Subject: Re: MailScanner lint errors? > > >> -----BEGIN PGP SIGNED MESSAGE----- >> On 6 Feb 2006, at 14:05, Steve Campbell wrote: >>> Julian, >>> >>> I'm seeing the same with respect to the PID file. My conf file >>> points to /var/run/ and the file does exist. >> I'll take a look at this problem. What are your "Run As User" and >> "Run As Group" set to? > > These are set to , nothing. The PID file is owned by root.root. > > This does not seem to affect anything and MS runs with the error. > > >>> I'm also seeing the dual restart problem, where I am required to >>> start MS twice if I stop it. I alway need to 'killall sendmail', >>> but this doesn't cause the need to start MS twice. There are no >>> sendmail processes running before I start MS. There are no log >>> errors, it just doesn't start. I just thought I would mention >>> this off-thread part in case it might have something to do with >>> the PID problem. >> Most likely cause is not waiting long enough between stopping and >> starting. If there are any MailScanner processes still clearing >> up, then it won't start. >> Just restarting it again will extend the delay. > > I'll check the MailScanner processes before the next manual restarts. > > Thanks again. (I can never say that enough to you, Mr. Field) > > Steve Campbell > campbell@cnpapers.com > Charleston Newspapers > >>> >>> MS 4.50-15 >>> MailWatch 1.0.3 >>> SA 3.10 (or whatever was the latest as of last week) >>> Tao Linux 1.0 Update 6 >>> >>> Thanks. >>> >>> Steve Campbell >>> campbell@cnpapers.com >>> Charleston Newspapers >>> >>> >>> >>> ----- Original Message ----- From: "Gerry Doris" >>> To: "MailScanner discussion" >>> Sent: Sunday, February 05, 2006 3:12 PM >>> Subject: Re: MailScanner lint errors? >>> >>> >>>> Julian Field wrote: >>>>> I strongly suspect that none are relevant, apart from the >>>>> Cannot write pid file error. Check this is set to something in >>>>> your MailScanner.conf file. >>>> >>>> I checked MailScanner.conf and the MailScanner PID is set to / >>>> var/ run/MailScanner.pid The file is really there and is being >>>> used. >>>> >>>> Like I said, there are no errors in any logs and mail is being >>>> sent and received. It was working but I can't remember the >>>> last time I tried it. >>>> >>>> I'm using the latest MailWatch. Would that be confusing the >>>> MailScanner lint operation? >>>> >>>> >>>>> >>>>> Gerry Doris wrote: >>>>> >>>>>> I've started seeing errors after running MailScanner --lint >>>>>> which I haven't seen before. >>>>>> >>>>>> I was running 4.50.10 and decided to upgrade to 4.50.15 >>>>>> today. Everything went well and MailScanner is working >>>>>> properly. I see no errors in any of the logs. Mail is being >>>>>> accepted and delivered. >>>>>> >>>>>> MailScanner -v runs without errors but when I run MailScanner >>>>>> -- lint I get the following: >>>>>> >>>>>> [root@tiger MailScanner]# MailScanner --lint >>>>>> Read 701 hostnames from the phishing whitelist >>>>>> Config: calling custom init function SQLBlacklist >>>>>> Config: calling custom init function MailWatchLogging >>>>>> Config: calling custom init function SQLWhitelist >>>>>> Cannot write pid file , No such file or directory at /usr/ >>>>>> sbin/ MailScanner line 1238 >>>>>> Checking for SpamAssassin errors (if you use it)... >>>>>> Using SpamAssassin results cache >>>>>> Connected to SpamAssassin cache database >>>>>> SpamAssassin reported no errors. >>>>>> >>>>>> MailScanner.conf says "Virus Scanners = clamavmodule f-prot >>>>>> trend bitdefender" >>>>>> >>>>>> Use of uninitialized value in split at /usr/lib/MailScanner/ >>>>>> MailScanner/SweepViruses.pm line 2879. >>>>>> Use of uninitialized value in concatenation (.) or string at / >>>>>> usr/lib/MailScanner/MailScanner/SweepViruses.pm line 2880. >>>>>> Use of uninitialized value in concatenation (.) or string at / >>>>>> usr/lib/MailScanner/MailScanner/SweepViruses.pm line 2880. >>>>>> Can't exec "-IsItInstalled": No such file or directory at / >>>>>> usr/ lib/MailScanner/MailScanner/SweepViruses.pm line 2882. >>>>>> ...snip >>>>>> the above is repeated 5 more times >>>>>> ...snip >>>>>> >>>>>> Found these virus scanners installed: bitdefender, f-prot, >>>>>> clamavmodule, trend >>>>> >>>>> >>>> >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>> >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >> - -- Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> -----BEGIN PGP SIGNATURE----- >> Version: PGP Desktop 9.0.4 (Build 4042) >> iQEVAwUBQ+dZgvw32o+k+q+hAQG61AgAmQhhlnMY2x1Ze2Sxm4bXrwuLancKv54G >> leY3Aj+Ac/AJVdkqGGHUGSRb6f0xn0YD/XTvJY6lcISunvKF7ofukk4KgKoHyEgJ >> R0HSwASUqal52vcYBsJwfRf5ppx9ytaX5vfqyfJieqg+CpD2X8TAcEa+Rqu7V7ZP >> 7oOBU+RMsdzMJeh8qlxX8ivpEQnd5EEeQOAaMEKmUYqm/tePystfvRQCo9sQjthU >> wEcpp9+mpRGKTR8lzvXEQ1SZApThNhZ+PQxPGBLUQee3GhqFd4dzAEFpcJ6xINYc >> 6QcfT2Zg5fZsmI9Gs+jD7RXCShLgI/8+YbE9L/Ogfg+6crMQbK15Kg== >> =0kyC >> -----END PGP SIGNATURE----- >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> Before posting, read http://wiki.mailscanner.info/posting >> Support MailScanner development - buy the book off the website! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------------------------------------------------------------- > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From campbell at cnpapers.com Mon Feb 6 15:07:33 2006 From: campbell at cnpapers.com (Steve Campbell) Date: Mon Feb 6 15:07:42 2006 Subject: MailScanner lint errors? References: <43E650E2.7050805@rogers.com><43E65582.6040709@ecs.soton.ac.uk><43E65C25.7000809@rogers.com><00ac01c62b26$647293e0$0705000a@DDF5DW71><41671272-FEDB-4164-A786-3FA2418554D1@ecs.soton.ac.uk><019601c62b2a$421e2350$0705000a@DDF5DW71> Message-ID: <010701c62b2f$0ed22c30$0705000a@DDF5DW71> Never mind about the uncompression, (typo) Steve ----- Original Message ----- From: "Julian Field" To: "MailScanner discussion" Sent: Monday, February 06, 2006 9:42 AM Subject: Re: MailScanner lint errors? Please apply this patch to /usr/sbin/MailScanner and then try it again. -------------------------------------------------------------------------------- On 6 Feb 2006, at 14:33, Steve Campbell wrote: > Julian, > > ----- Original Message ----- From: "Julian Field" > > To: "MailScanner discussion" > Sent: Monday, February 06, 2006 9:13 AM > Subject: Re: MailScanner lint errors? > > >> -----BEGIN PGP SIGNED MESSAGE----- >> On 6 Feb 2006, at 14:05, Steve Campbell wrote: >>> Julian, >>> >>> I'm seeing the same with respect to the PID file. My conf file >>> points to /var/run/ and the file does exist. >> I'll take a look at this problem. What are your "Run As User" and >> "Run As Group" set to? > > These are set to , nothing. The PID file is owned by root.root. > > This does not seem to affect anything and MS runs with the error. > > >>> I'm also seeing the dual restart problem, where I am required to >>> start MS twice if I stop it. I alway need to 'killall sendmail', >>> but this doesn't cause the need to start MS twice. There are no >>> sendmail processes running before I start MS. There are no log >>> errors, it just doesn't start. I just thought I would mention >>> this off-thread part in case it might have something to do with >>> the PID problem. >> Most likely cause is not waiting long enough between stopping and >> starting. If there are any MailScanner processes still clearing >> up, then it won't start. >> Just restarting it again will extend the delay. > > I'll check the MailScanner processes before the next manual restarts. > > Thanks again. (I can never say that enough to you, Mr. Field) > > Steve Campbell > campbell@cnpapers.com > Charleston Newspapers > >>> >>> MS 4.50-15 >>> MailWatch 1.0.3 >>> SA 3.10 (or whatever was the latest as of last week) >>> Tao Linux 1.0 Update 6 >>> >>> Thanks. >>> >>> Steve Campbell >>> campbell@cnpapers.com >>> Charleston Newspapers >>> >>> >>> >>> ----- Original Message ----- From: "Gerry Doris" >>> To: "MailScanner discussion" >>> Sent: Sunday, February 05, 2006 3:12 PM >>> Subject: Re: MailScanner lint errors? >>> >>> >>>> Julian Field wrote: >>>>> I strongly suspect that none are relevant, apart from the >>>>> Cannot write pid file error. Check this is set to something in >>>>> your MailScanner.conf file. >>>> >>>> I checked MailScanner.conf and the MailScanner PID is set to / >>>> var/ run/MailScanner.pid The file is really there and is being >>>> used. >>>> >>>> Like I said, there are no errors in any logs and mail is being >>>> sent and received. It was working but I can't remember the >>>> last time I tried it. >>>> >>>> I'm using the latest MailWatch. Would that be confusing the >>>> MailScanner lint operation? >>>> >>>> >>>>> >>>>> Gerry Doris wrote: >>>>> >>>>>> I've started seeing errors after running MailScanner --lint >>>>>> which I haven't seen before. >>>>>> >>>>>> I was running 4.50.10 and decided to upgrade to 4.50.15 >>>>>> today. Everything went well and MailScanner is working >>>>>> properly. I see no errors in any of the logs. Mail is being >>>>>> accepted and delivered. >>>>>> >>>>>> MailScanner -v runs without errors but when I run MailScanner >>>>>> -- lint I get the following: >>>>>> >>>>>> [root@tiger MailScanner]# MailScanner --lint >>>>>> Read 701 hostnames from the phishing whitelist >>>>>> Config: calling custom init function SQLBlacklist >>>>>> Config: calling custom init function MailWatchLogging >>>>>> Config: calling custom init function SQLWhitelist >>>>>> Cannot write pid file , No such file or directory at /usr/ >>>>>> sbin/ MailScanner line 1238 >>>>>> Checking for SpamAssassin errors (if you use it)... >>>>>> Using SpamAssassin results cache >>>>>> Connected to SpamAssassin cache database >>>>>> SpamAssassin reported no errors. >>>>>> >>>>>> MailScanner.conf says "Virus Scanners = clamavmodule f-prot >>>>>> trend bitdefender" >>>>>> >>>>>> Use of uninitialized value in split at /usr/lib/MailScanner/ >>>>>> MailScanner/SweepViruses.pm line 2879. >>>>>> Use of uninitialized value in concatenation (.) or string at / >>>>>> usr/lib/MailScanner/MailScanner/SweepViruses.pm line 2880. >>>>>> Use of uninitialized value in concatenation (.) or string at / >>>>>> usr/lib/MailScanner/MailScanner/SweepViruses.pm line 2880. >>>>>> Can't exec "-IsItInstalled": No such file or directory at / >>>>>> usr/ lib/MailScanner/MailScanner/SweepViruses.pm line 2882. >>>>>> ...snip >>>>>> the above is repeated 5 more times >>>>>> ...snip >>>>>> >>>>>> Found these virus scanners installed: bitdefender, f-prot, >>>>>> clamavmodule, trend >>>>> >>>>> >>>> >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>> >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >> - -- Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> -----BEGIN PGP SIGNATURE----- >> Version: PGP Desktop 9.0.4 (Build 4042) >> iQEVAwUBQ+dZgvw32o+k+q+hAQG61AgAmQhhlnMY2x1Ze2Sxm4bXrwuLancKv54G >> leY3Aj+Ac/AJVdkqGGHUGSRb6f0xn0YD/XTvJY6lcISunvKF7ofukk4KgKoHyEgJ >> R0HSwASUqal52vcYBsJwfRf5ppx9ytaX5vfqyfJieqg+CpD2X8TAcEa+Rqu7V7ZP >> 7oOBU+RMsdzMJeh8qlxX8ivpEQnd5EEeQOAaMEKmUYqm/tePystfvRQCo9sQjthU >> wEcpp9+mpRGKTR8lzvXEQ1SZApThNhZ+PQxPGBLUQee3GhqFd4dzAEFpcJ6xINYc >> 6QcfT2Zg5fZsmI9Gs+jD7RXCShLgI/8+YbE9L/Ogfg+6crMQbK15Kg== >> =0kyC >> -----END PGP SIGNATURE----- >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> Before posting, read http://wiki.mailscanner.info/posting >> Support MailScanner development - buy the book off the website! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------------------------------------------------------------- > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From campbell at cnpapers.com Mon Feb 6 15:12:36 2006 From: campbell at cnpapers.com (Steve Campbell) Date: Mon Feb 6 15:12:44 2006 Subject: MailScanner lint errors? References: <43E650E2.7050805@rogers.com><43E65582.6040709@ecs.soton.ac.uk><43E65C25.7000809@rogers.com><00ac01c62b26$647293e0$0705000a@DDF5DW71><41671272-FEDB-4164-A786-3FA2418554D1@ecs.soton.ac.uk><019601c62b2a$421e2350$0705000a@DDF5DW71> Message-ID: <011601c62b2f$c37f6080$0705000a@DDF5DW71> Seems to have done the trick. At least it doesn't report an error. Also, there were MailScanner processes running and 'waiting for' running after shutdown, so this is probably why the need for dual starts. Thanks Steve Campbell campbell@cnpapers.com Charleston Newspapers ----- Original Message ----- From: "Julian Field" To: "MailScanner discussion" Sent: Monday, February 06, 2006 9:42 AM Subject: Re: MailScanner lint errors? Please apply this patch to /usr/sbin/MailScanner and then try it again. -------------------------------------------------------------------------------- On 6 Feb 2006, at 14:33, Steve Campbell wrote: > Julian, > > ----- Original Message ----- From: "Julian Field" > > To: "MailScanner discussion" > Sent: Monday, February 06, 2006 9:13 AM > Subject: Re: MailScanner lint errors? > > >> -----BEGIN PGP SIGNED MESSAGE----- >> On 6 Feb 2006, at 14:05, Steve Campbell wrote: >>> Julian, >>> >>> I'm seeing the same with respect to the PID file. My conf file >>> points to /var/run/ and the file does exist. >> I'll take a look at this problem. What are your "Run As User" and >> "Run As Group" set to? > > These are set to , nothing. The PID file is owned by root.root. > > This does not seem to affect anything and MS runs with the error. > > >>> I'm also seeing the dual restart problem, where I am required to >>> start MS twice if I stop it. I alway need to 'killall sendmail', >>> but this doesn't cause the need to start MS twice. There are no >>> sendmail processes running before I start MS. There are no log >>> errors, it just doesn't start. I just thought I would mention >>> this off-thread part in case it might have something to do with >>> the PID problem. >> Most likely cause is not waiting long enough between stopping and >> starting. If there are any MailScanner processes still clearing >> up, then it won't start. >> Just restarting it again will extend the delay. > > I'll check the MailScanner processes before the next manual restarts. > > Thanks again. (I can never say that enough to you, Mr. Field) > > Steve Campbell > campbell@cnpapers.com > Charleston Newspapers > >>> >>> MS 4.50-15 >>> MailWatch 1.0.3 >>> SA 3.10 (or whatever was the latest as of last week) >>> Tao Linux 1.0 Update 6 >>> >>> Thanks. >>> >>> Steve Campbell >>> campbell@cnpapers.com >>> Charleston Newspapers >>> >>> >>> >>> ----- Original Message ----- From: "Gerry Doris" >>> To: "MailScanner discussion" >>> Sent: Sunday, February 05, 2006 3:12 PM >>> Subject: Re: MailScanner lint errors? >>> >>> >>>> Julian Field wrote: >>>>> I strongly suspect that none are relevant, apart from the >>>>> Cannot write pid file error. Check this is set to something in >>>>> your MailScanner.conf file. >>>> >>>> I checked MailScanner.conf and the MailScanner PID is set to / >>>> var/ run/MailScanner.pid The file is really there and is being >>>> used. >>>> >>>> Like I said, there are no errors in any logs and mail is being >>>> sent and received. It was working but I can't remember the >>>> last time I tried it. >>>> >>>> I'm using the latest MailWatch. Would that be confusing the >>>> MailScanner lint operation? >>>> >>>> >>>>> >>>>> Gerry Doris wrote: >>>>> >>>>>> I've started seeing errors after running MailScanner --lint >>>>>> which I haven't seen before. >>>>>> >>>>>> I was running 4.50.10 and decided to upgrade to 4.50.15 >>>>>> today. Everything went well and MailScanner is working >>>>>> properly. I see no errors in any of the logs. Mail is being >>>>>> accepted and delivered. >>>>>> >>>>>> MailScanner -v runs without errors but when I run MailScanner >>>>>> -- lint I get the following: >>>>>> >>>>>> [root@tiger MailScanner]# MailScanner --lint >>>>>> Read 701 hostnames from the phishing whitelist >>>>>> Config: calling custom init function SQLBlacklist >>>>>> Config: calling custom init function MailWatchLogging >>>>>> Config: calling custom init function SQLWhitelist >>>>>> Cannot write pid file , No such file or directory at /usr/ >>>>>> sbin/ MailScanner line 1238 >>>>>> Checking for SpamAssassin errors (if you use it)... >>>>>> Using SpamAssassin results cache >>>>>> Connected to SpamAssassin cache database >>>>>> SpamAssassin reported no errors. >>>>>> >>>>>> MailScanner.conf says "Virus Scanners = clamavmodule f-prot >>>>>> trend bitdefender" >>>>>> >>>>>> Use of uninitialized value in split at /usr/lib/MailScanner/ >>>>>> MailScanner/SweepViruses.pm line 2879. >>>>>> Use of uninitialized value in concatenation (.) or string at / >>>>>> usr/lib/MailScanner/MailScanner/SweepViruses.pm line 2880. >>>>>> Use of uninitialized value in concatenation (.) or string at / >>>>>> usr/lib/MailScanner/MailScanner/SweepViruses.pm line 2880. >>>>>> Can't exec "-IsItInstalled": No such file or directory at / >>>>>> usr/ lib/MailScanner/MailScanner/SweepViruses.pm line 2882. >>>>>> ...snip >>>>>> the above is repeated 5 more times >>>>>> ...snip >>>>>> >>>>>> Found these virus scanners installed: bitdefender, f-prot, >>>>>> clamavmodule, trend >>>>> >>>>> >>>> >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>> >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >> - -- Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> -----BEGIN PGP SIGNATURE----- >> Version: PGP Desktop 9.0.4 (Build 4042) >> iQEVAwUBQ+dZgvw32o+k+q+hAQG61AgAmQhhlnMY2x1Ze2Sxm4bXrwuLancKv54G >> leY3Aj+Ac/AJVdkqGGHUGSRb6f0xn0YD/XTvJY6lcISunvKF7ofukk4KgKoHyEgJ >> R0HSwASUqal52vcYBsJwfRf5ppx9ytaX5vfqyfJieqg+CpD2X8TAcEa+Rqu7V7ZP >> 7oOBU+RMsdzMJeh8qlxX8ivpEQnd5EEeQOAaMEKmUYqm/tePystfvRQCo9sQjthU >> wEcpp9+mpRGKTR8lzvXEQ1SZApThNhZ+PQxPGBLUQee3GhqFd4dzAEFpcJ6xINYc >> 6QcfT2Zg5fZsmI9Gs+jD7RXCShLgI/8+YbE9L/Ogfg+6crMQbK15Kg== >> =0kyC >> -----END PGP SIGNATURE----- >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> Before posting, read http://wiki.mailscanner.info/posting >> Support MailScanner development - buy the book off the website! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -------------------------------------------------------------------------------- > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From realmcking at gmail.com Mon Feb 6 15:15:40 2006 From: realmcking at gmail.com (Mark McCoy) Date: Mon Feb 6 15:15:44 2006 Subject: http://cme.mitre.org/index.html In-Reply-To: <43E3E330.4070006@crackerbarrel.com> References: <01ee01c62384$212adbf0$6500a8c0@kdinet.local> <43DA91F8.6080809@ecs.soton.ac.uk> <43E3E330.4070006@crackerbarrel.com> Message-ID: On 2/3/06, Carl Andrews wrote: > I just ran across this site and thought others on this list might find > it useful. With all of the different AV engines we use, it is nice to > see a place where all of the different names/aliases for each are > identified. > > > http://cme.mitre.org/index.html > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > Nice. -- Mark McCoy -- Professional Unix geek "On two occasions I have been asked, 'Pray, Mr. Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question. " -- Charles Babbage From bpumphrey at WoodMacLaw.com Mon Feb 6 15:16:45 2006 From: bpumphrey at WoodMacLaw.com (Billy A. Pumphrey) Date: Mon Feb 6 15:16:49 2006 Subject: OT: Win32/Mywife.E@mm Message-ID: <04D932B0071FE34FA63EBB1977B48D15C2BD7B@woodenex.woodmaclaw.local> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Jim Holland > Sent: Saturday, February 04, 2006 8:27 AM > To: MailScanner discussion > Subject: RE: OT: Win32/Mywife.E@mm > > Someone wrote: > > > > > Naturally as long as everything is up to date things should be ok. > > > > People don't really know that a virus is going to happen before it > does > > > > do they? > > > > Only if the bug has a timer/date trigger in them. They get installed, > > > then lie in wait, and BAM do nasty things later. Once detected early, > > > we effectively reverse engineer the virus code, know that the virus > will > > > trigger in the future, thus know it's going to happen before. Once > users > > > update their scanning softs they can be assured the bug will be > > > eradicated before they trigger. > > > > The media is a funny animal, they latch onto these bugs seemingly at > > > random, spreading doom and gloom, when we techs know that new bugs are > > > a daily occurrence, and are quickly and quietly squished by anti-virus > > > community. > > Of course the media loves to hype these things, but I think that this was > a valid case for some extra attention. Not only was the worm particularly > destructive (just one single infected machine on a network could have > destroyed all files in a shared folder on a file server that the machine > had access to), but early copies did manage to get through the virus > scanners and MailScanner itself. I have not come across that situation > since the Bagle worm with its password-protected zip files. > > Because we log the attachments that are sent to users we were able to > determine that 6 of our 2500 members had received copies of the virus in > uuencoded form. One of those 6 then opened the attachment with WinZip and > got infected as a result. Fortunately we were able to clean up their > infection before Friday, so no damage was done. > > I think the media hype was a useful wakeup call to ordinary users to get > them to update their antivirus software and to keep backups on separate > media. > > Regards > > Jim Holland > System Administrator > MANGO - Zimbabwe's non-profit e-mail service > Good call and thanks for the responses guys. From cobalt-users1 at fishnet.co.uk Mon Feb 6 15:56:39 2006 From: cobalt-users1 at fishnet.co.uk (Ian) Date: Mon Feb 6 15:54:22 2006 Subject: Process did not exit cleanly, returned 255 with signal 0 Message-ID: <43E771B7.31654.81EC448B@cobalt-users1.fishnet.co.uk> Hi, I get this error in /var/log/messages after upgrading MailScanner to the latest version: root: Process did not exit cleanly, returned 255 with signal 0 [root@host ~]# MailScanner -v Running on Linux host 2.6.12-1.1376_FC3 #1 Fri Aug 26 23:27:26 EDT 2005 i686 i686 i386 GNU/Linux This is Fedora Core release 3 (Heidelberg) This is Perl version 5.008005 (5.8.5) This is MailScanner version 4.50.15 Module versions are: 1.00 AnyDBM_File 1.14 Archive::Zip 1.03 Carp 1.119 Convert::BinHex 1.00 DirHandle 1.05 Fcntl 2.73 File::Basename 2.08 File::Copy 2.01 FileHandle 1.06 File::Path 0.14 File::Temp 1.32 HTML::Entities 3.48 HTML::Parser 2.35 HTML::TokeParser 1.21 IO 1.10 IO::File 1.123 IO::Pipe 1.71 Mail::Header 3.05 MIME::Base64 5.419 MIME::Decoder 5.419 MIME::Decoder::UU 5.419 MIME::Head 5.419 MIME::Parser 3.03 MIME::QuotedPrint 5.419 MIME::Tools 0.10 Net::CIDR 1.08 POSIX 1.77 Socket 0.08 Sys::Syslog 1.86 Time::HiRes 1.02 Time::localtime Optional module versions are: 0.17 Convert::TNEF 1.810 DB_File 1.11 DBD::SQLite 1.50 DBI 1.08 Digest 1.01 Digest::HMAC 2.33 Digest::MD5 2.10 Digest::SHA1 0.44 Inline 0.17 Mail::ClamAV 3.001000 Mail::SpamAssassin 1.997 Mail::SPF::Query 0.15 Net::CIDR::Lite 0.49 Net::DNS 0.31 Net::LDAP 1.94 Parse::RecDescent missing SAVI 1.4 Sys::Hostname::Long 2.42 Test::Harness 0.47 Test::Simple 1.95 Text::Balanced 1.35 URI I am running MailScanner with sendmail and using f-prot for virus scanning. At the moment all virus scanning is off and only SpamAssassin checks are on. SpamAssassin cache is off. Can someone pleas explain how I can debug this further? There is also one spam message stuck in my incoming queue directory, I can forward a copy if any wants it. Thanks Ian -- From mailscanner at PDSCC.COM Mon Feb 6 16:24:00 2006 From: mailscanner at PDSCC.COM (Harondel J. Sibble) Date: Mon Feb 6 16:24:05 2006 Subject: procedures for getting stuff out of the quarantine on older MS version In-Reply-To: References: <200507021155.EAA08363@sheridan.sibble.net> Message-ID: <200602100349.TAA26624@sheridan.sibble.net> Julian, did this ever get implemented? I don't see anything in the wiki about this... On 30 Jun 2005 at 11:48, Julian Field wrote: > What may be some use is a system we are working on here that will > allow users to retrieve files from the quarantine, with a sysadmin > approving or denying each case given the relevant log entries to look > at. > > This may be the solution for you. The guys working on it are busy > with other things today, but I would hope this system will be up and > running within the next couple of weeks or so. So version 1 will be > out then, and we will develop and improve the system once we start > using it in production. > > This will be available free from www.mailscanner.info. > > On 30 Jun 2005, at 07:28, Harondel J. Sibble wrote: > > > Forgot to mention, this is a mail relay box/frontend for the > > internal Samsung > > Contact machine that hosts all the mail and mail accounts. > > > > On 29 Jun 2005 at 23:21, Harondel J. Sibble wrote: > > > > > >> Have a mail relay box running an older version of MS, 4.25-14 to > >> be exact, > >> plans are to upgrade it in the next few weeks to the latest > >> version, however, > >> one small problem, wondering how other folks solved this, had a > >> look at the > >> maq's and faq's but didn't see anything specific to this: > >> > > > > -- > > Harondel J. Sibble > > Sibble Computer Consulting > > Creating solutions for the small business and home computer user. > > help@pdscc.com (use pgp keyid 0x3AD5C11D) http://www.pdscc.com > > (604) 739-3709 (voice/fax) (604) 686-2253 (pager) > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! -- Harondel J. Sibble Sibble Computer Consulting Creating solutions for the small business and home computer user. help@pdscc.com (use pgp keyid 0x3AD5C11D) http://www.pdscc.com (604) 739-3709 (voice/fax) (604) 686-2253 (pager) From listacct at tulsaconnect.com Mon Feb 6 16:37:54 2006 From: listacct at tulsaconnect.com (TCIS List Acct) Date: Mon Feb 6 16:37:50 2006 Subject: 4.50.15 - Big problems on FreeBSD / exim In-Reply-To: References: Message-ID: <43E77B62.20805@tulsaconnect.com> Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > I have just released a new beta 4.50.12. See the Change Log for all > the details, it's getting pretty long this month. > > 1 particular feature I would like you to test for me: please set > Virus Scanners = auto > and see what it does. > > Thanks guys! We upgraded to 4.50.15 (from 4.47.4, which has been running fine) last night on our (4) MailScanner boxes. They are running FreeBSD 4.9 (a few 4.10) with 2GB of RAM and (1) 36GB 15KRPM SCSI drive. We run exim as the MTA (version 4.34) with a split spool. We use 3 different A/V scanners (mcafee, f-prot, and kaspersky) and have SpamAssassin 3.1.0 installed w/Perl 5.8.2. We load balance the incoming load via multiple DNS A-records, which has always worked fine. Anyway, after the upgrade, performance went down big time, and all of the boxes eventually died with an "out of swap space" type message (I did check that the disk has plenty of free space after a hard reboot to get the box back up and responsive). I'm still investigating (we've reverted back to 4.47.4 and are working our way through the 80,000 message backlog) but I thought I would report it ASAP. I did have the new SpamAssassin caching turned on, but other than that, I did not make any changes to my MailScanner.conf compared to the previous version. I did install the latest DBI and DBD::SqlLite via CPAN without a problem. We have MailScanner doing the RBL lookups against various DNSBLs, and it doesn't pass it to SA if it his a RBL. We have a copy of djbdns's dnscache running locally on each box for DNS lookup speed. If it does pass a RBL check, SA does do its normal amount of checking, including SURBL lookups. I do have a few rulesets I got from Rules De Jour installed and working, and I do use the "Is Definitely Not Spam = &ByDomainSpamWhitelist" for whitelist lookups. Once we catch up on the queue, I'll try and turn on debugging to see what the issue is. -- ----------------------------------------- Mike Bacher / listacct@tulsaconnect.com TCIS - TulsaConnect Internet Services http://www.tulsaconnect.com ----------------------------------------- From gmane at tippingmar.com Mon Feb 6 02:36:04 2006 From: gmane at tippingmar.com (Mark Nienberg) Date: Mon Feb 6 16:43:32 2006 Subject: MajorSophos update Message-ID: <43E6B614.4010603@tippingmar.com> According to the Sophos release notes: "There are two versions provided for Linux/Intel (libc6). Older libc6 systems should use the Linux on Intel (using libc6) version. This will work on systems with glibc 2.0 and 2.1. Newer libc6 systems with glibc 2.2 or above should use the glibc 2.2 tarball; this incorporates new features such as large file support and improved multi-threading capabilities." I guess this has been true for some time, but I have been happily (blindly?) using the older libc6 version with no problems on systems that could be using the glibc2.2 version. I recently switched to the glibc2.2 version though and had to tweak MajorSophos a bit to get it working. (MajorSophos is a shell script that downloads and installs the latest sophos program, usually run from cron once per month. MailScanner takes care of the hourly IDE updates.) The updated MajorSophos is available at http://www.tippingmar.com/majorsophos This version downloads and installs sophos for glibc2.2 by default but still has the older download file indicated in a comment line. It also has more complete version reporting since sophos now versions the product, engine, and virus data separately. It also unpacks the downloaded file before calling MailScanner's sophos installation script, since that script only unpacks the older libc6 version. Mark Nienberg Tipping Mar + associates Berkeley, CA From help at pdscc.com Mon Feb 6 16:23:27 2006 From: help at pdscc.com (Harondel J. Sibble) Date: Mon Feb 6 16:43:44 2006 Subject: procedures for getting stuff out of the quarantine on older MS version In-Reply-To: References: <200507021155.EAA08363@sheridan.sibble.net> Message-ID: <200602100348.TAA26615@sheridan.sibble.net> Julian, did this ever get implemented? I don't see anything in the wiki about this... On 30 Jun 2005 at 11:48, Julian Field wrote: > What may be some use is a system we are working on here that will > allow users to retrieve files from the quarantine, with a sysadmin > approving or denying each case given the relevant log entries to look > at. > > This may be the solution for you. The guys working on it are busy > with other things today, but I would hope this system will be up and > running within the next couple of weeks or so. So version 1 will be > out then, and we will develop and improve the system once we start > using it in production. > > This will be available free from www.mailscanner.info. > > On 30 Jun 2005, at 07:28, Harondel J. Sibble wrote: > > > Forgot to mention, this is a mail relay box/frontend for the > > internal Samsung > > Contact machine that hosts all the mail and mail accounts. > > > > On 29 Jun 2005 at 23:21, Harondel J. Sibble wrote: > > > > > >> Have a mail relay box running an older version of MS, 4.25-14 to > >> be exact, > >> plans are to upgrade it in the next few weeks to the latest > >> version, however, > >> one small problem, wondering how other folks solved this, had a > >> look at the > >> maq's and faq's but didn't see anything specific to this: > >> > > > > -- > > Harondel J. Sibble > > Sibble Computer Consulting > > Creating solutions for the small business and home computer user. > > help@pdscc.com (use pgp keyid 0x3AD5C11D) http://www.pdscc.com > > (604) 739-3709 (voice/fax) (604) 686-2253 (pager) > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! -- Harondel J. Sibble Sibble Computer Consulting Creating solutions for the small business and home computer user. help@pdscc.com (use pgp keyid 0x3AD5C11D) http://www.pdscc.com (604) 739-3709 (voice/fax) (604) 686-2253 (pager) From ius at rbrana.co.id Mon Feb 6 01:00:20 2006 From: ius at rbrana.co.id (ius) Date: Mon Feb 6 16:43:51 2006 Subject: dcc failure Message-ID: <43E69FA4.1020404@rbrana.co.id> Dear mailscanner, I got this error messages when do the spamassassin -D --lint -p /etc/MailScanner/spam.assassin.prefs.conf. My DCC installed properly and placed where it should be [7934] warn: config: failed to parse line, skipping: dcc_path /usr/local/bin/dccproc [7934] warn: config: failed to parse line, skipping: dcc_home /var/dcc Does anyone know what it is ? Thanks alot ius -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Mon Feb 6 16:46:17 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Feb 6 16:46:18 2006 Subject: procedures for getting stuff out of the quarantine on older MS version In-Reply-To: <200602100349.TAA26624@sheridan.sibble.net> References: <200507021155.EAA08363@sheridan.sibble.net> <200602100349.TAA26624@sheridan.sibble.net> Message-ID: <43E77D59.1030007@ecs.soton.ac.uk> It's finally in beta-testing. The guy who wrote it rather tailored it to our site unfortunately. I'll let you know when there is something presentable for you. Harondel J. Sibble wrote: > Julian, did this ever get implemented? I don't see anything in the wiki about > this... > > On 30 Jun 2005 at 11:48, Julian Field wrote: > > >> What may be some use is a system we are working on here that will >> allow users to retrieve files from the quarantine, with a sysadmin >> approving or denying each case given the relevant log entries to look >> at. >> >> This may be the solution for you. The guys working on it are busy >> with other things today, but I would hope this system will be up and >> running within the next couple of weeks or so. So version 1 will be >> out then, and we will develop and improve the system once we start >> using it in production. >> >> This will be available free from www.mailscanner.info. >> >> On 30 Jun 2005, at 07:28, Harondel J. Sibble wrote: >> >> >>> Forgot to mention, this is a mail relay box/frontend for the >>> internal Samsung >>> Contact machine that hosts all the mail and mail accounts. >>> >>> On 29 Jun 2005 at 23:21, Harondel J. Sibble wrote: >>> >>> >>> >>>> Have a mail relay box running an older version of MS, 4.25-14 to >>>> be exact, >>>> plans are to upgrade it in the next few weeks to the latest >>>> version, however, >>>> one small problem, wondering how other folks solved this, had a >>>> look at the >>>> maq's and faq's but didn't see anything specific to this: >>>> >>>> >>> -- >>> Harondel J. Sibble >>> Sibble Computer Consulting >>> Creating solutions for the small business and home computer user. >>> help@pdscc.com (use pgp keyid 0x3AD5C11D) http://www.pdscc.com >>> (604) 739-3709 (voice/fax) (604) 686-2253 (pager) >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >>> >>> >> -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Mon Feb 6 16:51:27 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Feb 6 16:51:26 2006 Subject: 4.50.15 - Big problems on FreeBSD / exim In-Reply-To: <43E77B62.20805@tulsaconnect.com> References: <43E77B62.20805@tulsaconnect.com> Message-ID: <43E77E8F.5000300@ecs.soton.ac.uk> TCIS List Acct wrote: > > > Julian Field wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> >> I have just released a new beta 4.50.12. See the Change Log for all >> the details, it's getting pretty long this month. >> >> 1 particular feature I would like you to test for me: please set >> Virus Scanners = auto >> and see what it does. >> >> Thanks guys! > > We upgraded to 4.50.15 (from 4.47.4, which has been running fine) last > night on our (4) MailScanner boxes. They are running FreeBSD 4.9 (a > few 4.10) with 2GB of RAM and (1) 36GB 15KRPM SCSI drive. We run exim > as the MTA (version 4.34) with a split spool. We use 3 different A/V > scanners (mcafee, f-prot, and kaspersky) and have SpamAssassin 3.1.0 > installed w/Perl 5.8.2. We load balance the incoming load via > multiple DNS A-records, which has always worked fine. > > Anyway, after the upgrade, performance went down big time, and all of > the boxes eventually died with an "out of swap space" type message (I > did check that the disk has plenty of free space after a hard reboot > to get the box back up and responsive). I'm still investigating > (we've reverted back to 4.47.4 and are working our way through the > 80,000 message backlog) but I thought I would report it ASAP. > > I did have the new SpamAssassin caching turned on, but other than > that, I did not make any changes to my MailScanner.conf compared to > the previous version. I did install the latest DBI and DBD::SqlLite > via CPAN without a problem. The only thing I can think of is the SpamAssassin cache. Try switching it off and see if performance improves. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Mon Feb 6 16:52:35 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Feb 6 16:52:43 2006 Subject: dcc failure In-Reply-To: <43E69FA4.1020404@rbrana.co.id> References: <43E69FA4.1020404@rbrana.co.id> Message-ID: <223f97700602060852r3238fd76t@mail.gmail.com> On 06/02/06, ius wrote: > Dear mailscanner, > > I got this error messages when do the spamassassin -D --lint -p > /etc/MailScanner/spam.assassin.prefs.conf. My DCC installed properly and > placed where it should be > > [7934] warn: config: failed to parse line, skipping: dcc_path > /usr/local/bin/dccproc > [7934] warn: config: failed to parse line, skipping: dcc_home /var/dcc > > Does anyone know what it is ? > > Thanks alot > ius What MailScanner and Spamassassin versions do you have? -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From David.While at uce.ac.uk Mon Feb 6 16:54:03 2006 From: David.While at uce.ac.uk (David While) Date: Mon Feb 6 16:54:09 2006 Subject: dcc failure Message-ID: <294B4B3243E76C4BA4FF7F54003B3BE1EFAD98@exchangea.staff.uce.ac.uk> Search the list archive - this has been answered before!! I think it is something to do with init.pre and having to remove the comments from the dcc plugin load statement. -------------------------------------------- David While BSc CEng MBCS CITP Department of Computing University of Central England Tel: 0121 331 6211 -------------------------------------------- -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of ius Sent: 06 February 2006 01:00 To: MailScanner mailing list Subject: dcc failure Dear mailscanner, I got this error messages when do the spamassassin -D --lint -p /etc/MailScanner/spam.assassin.prefs.conf. My DCC installed properly and placed where it should be [7934] warn: config: failed to parse line, skipping: dcc_path /usr/local/bin/dccproc [7934] warn: config: failed to parse line, skipping: dcc_home /var/dcc Does anyone know what it is ? Thanks alot ius -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From martinh at solid-state-logic.com Mon Feb 6 17:08:59 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Mon Feb 6 17:09:06 2006 Subject: 4.50.15 - Big problems on FreeBSD / exim In-Reply-To: <43E77E8F.5000300@ecs.soton.ac.uk> Message-ID: <018e01c62b40$05394b20$3004010a@martinhlaptop> Another thing that might have got you is permission on the new SA cache. Make sure the exim user (mailnull????) can write to the file and directory. I *think* it gets created by the install routine, but that may be for the wrong user of you run an MTA like exim or PF that doesn't normally run as root. I'm running all this on FBSD no problems.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Julian Field > Sent: 06 February 2006 16:51 > To: MailScanner discussion > Subject: Re: 4.50.15 - Big problems on FreeBSD / exim > > > > TCIS List Acct wrote: > > > > > > Julian Field wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- > >> > >> I have just released a new beta 4.50.12. See the Change Log for all > >> the details, it's getting pretty long this month. > >> > >> 1 particular feature I would like you to test for me: please set > >> Virus Scanners = auto > >> and see what it does. > >> > >> Thanks guys! > > > > We upgraded to 4.50.15 (from 4.47.4, which has been running fine) last > > night on our (4) MailScanner boxes. They are running FreeBSD 4.9 (a > > few 4.10) with 2GB of RAM and (1) 36GB 15KRPM SCSI drive. We run exim > > as the MTA (version 4.34) with a split spool. We use 3 different A/V > > scanners (mcafee, f-prot, and kaspersky) and have SpamAssassin 3.1.0 > > installed w/Perl 5.8.2. We load balance the incoming load via > > multiple DNS A-records, which has always worked fine. > > > > Anyway, after the upgrade, performance went down big time, and all of > > the boxes eventually died with an "out of swap space" type message (I > > did check that the disk has plenty of free space after a hard reboot > > to get the box back up and responsive). I'm still investigating > > (we've reverted back to 4.47.4 and are working our way through the > > 80,000 message backlog) but I thought I would report it ASAP. > > > > I did have the new SpamAssassin caching turned on, but other than > > that, I did not make any changes to my MailScanner.conf compared to > > the previous version. I did install the latest DBI and DBD::SqlLite > > via CPAN without a problem. > The only thing I can think of is the SpamAssassin cache. Try switching > it off and see if performance improves. > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From naolson at gmail.com Mon Feb 6 17:10:38 2006 From: naolson at gmail.com (Nathan Olson) Date: Mon Feb 6 17:10:41 2006 Subject: dcc failure In-Reply-To: <43E69FA4.1020404@rbrana.co.id> References: <43E69FA4.1020404@rbrana.co.id> Message-ID: <8f54b4330602060910s341579fcna102d87191769f68@mail.gmail.com> If you're using SA 3.1.0 you need to have the DCC plugin loaded. Nate From Edge at twu.ca Mon Feb 6 17:21:32 2006 From: Edge at twu.ca (Richard Edge) Date: Mon Feb 6 17:21:38 2006 Subject: ALL_TRUSTED problems Message-ID: Hi Julian, I tried your suggestion late on Friday, but I am still having the same problem. SA --lint still indicates that the file mailscanner.cf is being loaded and used and it does detect errors if I deliberately create a syntax error for a directive. Not only does it not recognize my 'score ALL_TRUSTED 0', but it seems to ignore most of the other directives such as the 'score BAYES_....' modified scores. While ALL_TRUSTED does not seem to fire as often as it used to, it is still giving false positives. Our two gateways are NAT'ed by the way. It also ignores any of my 'trusted_networks' entries. Another issue is with the DCC and Pyzor tests. I have them properly installed and spamassassin --lint sees them and tells me they are working, but I do not see any references to DCC or Pyzor tests in maillog. Spamassassin --lint does recognize the change when I turn these two test off and then on again through mailscanner.cf. I have attached the entire output from lint in sa-lint.txt. Maybe someone can see something I am missing. Any other ideas? Richard Edge Senior Systems Administrator | Technology Services Trinity Western University | t: 604.513.2089 f: 604.513.2038 | e: edge twu.ca| www.twu.ca/technology -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Thursday, February 02, 2006 11:21 AM To: MailScanner discussion Subject: Re: ALL_TRUSTED problems If that is what you want to do, then do a locate SpamAssassin.pm and delete it and re-install SpamAssassin 3.1.0. Richard Edge wrote: > In my situation, I am already at SA 3.1.0. Should I try something > drastic like uninstalling SA and doing a new install or forcing an > install over the existing installation. If so what is the best way to > proceed. > > Richard Edge > Senior Systems Administrator | Technology Services Trinity Western > University | t: 604.513.2089 > f: 604.513.2038 | e: edge twu.ca| www.twu.ca/technology > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Matt > Kettler > Sent: Thursday, February 02, 2006 10:34 AM > To: MailScanner discussion > Subject: Re: ALL_TRUSTED problems > > Scott Silva wrote: > >> dnsadmin 1bigthink.com spake the following on 2/2/2006 8:08 AM: >> >>> At 07:59 PM 2/1/2006, you wrote: >>> >>> debug: SpamAssassin version 3.0.3 >>> Thanks, >>> Glenn Parsons >>> >> Have you considered upgrading to spamassassin 3.1.0? >> > > > Or at least upgrade to 3.0.5. All other version of SA 3.0 have MAJOR > bugs in the ALL_TRUSTED code. 3.0.5 has a back-port of 3.1.0's > algorithm, which deals better with parsing problems. > > > 3.0.0-3.0.4 - ALL_TRUSTED = no untrusted relays. > > 3.0.5-3.1.0 - ALL_TRUSTED = at least 1 trusted relay, no untrusted > relays and no unparseable relays. > > The version in 3.0.0-3.0.4 will false-fire with ALL_TRUSTED if there > are no parseable headers. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- [22282] dbg: logger: adding facilities: all [22282] dbg: logger: logging level is DBG [22282] dbg: generic: SpamAssassin version 3.1.0 [22282] dbg: config: score set 0 chosen. [22282] dbg: util: running in taint mode? yes [22282] dbg: util: taint mode: deleting unsafe environment variables, resetting PATH [22282] dbg: util: PATH included '/usr/kerberos/sbin', keeping [22282] dbg: util: PATH included '/usr/kerberos/bin', keeping [22282] dbg: util: PATH included '/usr/local/sbin', keeping [22282] dbg: util: PATH included '/usr/local/bin', keeping [22282] dbg: util: PATH included '/sbin', keeping [22282] dbg: util: PATH included '/bin', keeping [22282] dbg: util: PATH included '/usr/sbin', keeping [22282] dbg: util: PATH included '/usr/bin', keeping [22282] dbg: util: PATH included '/usr/X11R6/bin', keeping [22282] dbg: util: PATH included '/root/bin', which doesn't exist, dropping [22282] dbg: util: final PATH set to: /usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin [22282] dbg: dns: is Net::DNS::Resolver available? yes [22282] dbg: dns: Net::DNS version: 0.55 [22282] dbg: dns: name server: 10.10.118.4, family: 2, ipv6: 0 [22282] dbg: diag: perl platform: 5.008 linux [22282] dbg: diag: module installed: Digest::SHA1, version 2.10 [22282] dbg: diag: module installed: Net::DNS, version 0.55 [22282] dbg: diag: module installed: Net::SMTP, version 2.29 [22282] dbg: diag: module installed: Mail::SPF::Query, version 1.997 [22282] dbg: diag: module installed: IP::Country::Fast, version 309.002 [22282] dbg: diag: module installed: Razor2::Client::Agent, version 2.77 [22282] dbg: diag: module installed: Net::Ident, version 1.20 [22282] dbg: diag: module not installed: IO::Socket::INET6 ('require' failed) [22282] dbg: diag: module installed: IO::Socket::SSL, version 0.96 [22282] dbg: diag: module installed: Time::HiRes, version 1.86 [22282] dbg: diag: module installed: DBI, version 1.50 [22282] dbg: diag: module installed: Getopt::Long, version 2.32 [22282] dbg: diag: module installed: LWP::UserAgent, version 2.033 [22282] dbg: diag: module installed: HTTP::Date, version 1.47 [22282] dbg: diag: module installed: Archive::Tar, version 1.26 [22282] dbg: diag: module installed: IO::Zlib, version 1.04 [22282] dbg: diag: module installed: DB_File, version 1.810 [22282] dbg: diag: module installed: HTML::Parser, version 3.48 [22282] dbg: diag: module installed: MIME::Base64, version 3.05 [22282] dbg: ignore: using a test message to lint rules [22282] dbg: config: using "/etc/mail/spamassassin" for site rules pre files [22282] dbg: config: read file /etc/mail/spamassassin/init.pre [22282] dbg: config: using "/usr/share/spamassassin" for sys rules pre files [22282] dbg: config: using "/usr/share/spamassassin" for default rules dir [22282] dbg: config: read file /usr/share/spamassassin/10_misc.cf [22282] dbg: config: read file /usr/share/spamassassin/20_advance_fee.cf [22282] dbg: config: read file /usr/share/spamassassin/20_anti_ratware.cf [22282] dbg: config: read file /usr/share/spamassassin/20_body_tests.cf [22282] dbg: config: read file /usr/share/spamassassin/20_compensate.cf [22282] dbg: config: read file /usr/share/spamassassin/20_dnsbl_tests.cf [22282] dbg: config: read file /usr/share/spamassassin/20_drugs.cf [22282] dbg: config: read file /usr/share/spamassassin/20_fake_helo_tests.cf [22282] dbg: config: read file /usr/share/spamassassin/20_head_tests.cf [22282] dbg: config: read file /usr/share/spamassassin/20_html_tests.cf [22282] dbg: config: read file /usr/share/spamassassin/20_meta_tests.cf [22282] dbg: config: read file /usr/share/spamassassin/20_net_tests.cf [22282] dbg: config: read file /usr/share/spamassassin/20_phrases.cf [22282] dbg: config: read file /usr/share/spamassassin/20_porn.cf [22282] dbg: config: read file /usr/share/spamassassin/20_ratware.cf [22282] dbg: config: read file /usr/share/spamassassin/20_uri_tests.cf [22282] dbg: config: read file /usr/share/spamassassin/23_bayes.cf [22282] dbg: config: read file /usr/share/spamassassin/25_accessdb.cf [22282] dbg: config: read file /usr/share/spamassassin/25_antivirus.cf [22282] dbg: config: read file /usr/share/spamassassin/25_body_tests_es.cf [22282] dbg: config: read file /usr/share/spamassassin/25_body_tests_pl.cf [22282] dbg: config: read file /usr/share/spamassassin/25_dcc.cf [22282] dbg: config: read file /usr/share/spamassassin/25_domainkeys.cf [22282] dbg: config: read file /usr/share/spamassassin/25_hashcash.cf [22282] dbg: config: read file /usr/share/spamassassin/25_pyzor.cf [22282] dbg: config: read file /usr/share/spamassassin/25_razor2.cf [22282] dbg: config: read file /usr/share/spamassassin/25_replace.cf [22282] dbg: config: read file /usr/share/spamassassin/25_spf.cf [22282] dbg: config: read file /usr/share/spamassassin/25_textcat.cf [22282] dbg: config: read file /usr/share/spamassassin/25_uribl.cf [22282] dbg: config: read file /usr/share/spamassassin/30_text_de.cf [22282] dbg: config: read file /usr/share/spamassassin/30_text_fr.cf [22282] dbg: config: read file /usr/share/spamassassin/30_text_it.cf [22282] dbg: config: read file /usr/share/spamassassin/30_text_nl.cf [22282] dbg: config: read file /usr/share/spamassassin/30_text_pl.cf [22282] dbg: config: read file /usr/share/spamassassin/30_text_pt_br.cf [22282] dbg: config: read file /usr/share/spamassassin/50_scores.cf [22282] dbg: config: read file /usr/share/spamassassin/60_awl.cf [22282] dbg: config: read file /usr/share/spamassassin/60_whitelist.cf [22282] dbg: config: read file /usr/share/spamassassin/60_whitelist_spf.cf [22282] dbg: config: read file /usr/share/spamassassin/60_whitelist_subject.cf [22282] dbg: config: using "/etc/mail/spamassassin" for site rules dir [22282] dbg: config: read file /etc/mail/spamassassin/70_sare_adult.cf [22282] dbg: config: read file /etc/mail/spamassassin/70_sare_evilnum0.cf [22282] dbg: config: read file /etc/mail/spamassassin/70_sare_evilnum1.cf [22282] dbg: config: read file /etc/mail/spamassassin/70_sare_evilnum2.cf [22282] dbg: config: read file /etc/mail/spamassassin/70_sare_obfu0.cf [22282] dbg: config: read file /etc/mail/spamassassin/70_sare_oem.cf [22282] dbg: config: read file /etc/mail/spamassassin/70_sare_spoof.cf [22282] dbg: config: read file /etc/mail/spamassassin/99_sare_fraud_post25x.cf [22282] dbg: config: read file /etc/mail/spamassassin/bogus-virus-warnings.cf [22282] dbg: config: read file /etc/mail/spamassassin/chickenpox.cf [22282] dbg: config: read file /etc/mail/spamassassin/local.cf [22282] dbg: config: read file /etc/mail/spamassassin/mailscanner.cf [22282] dbg: config: using "/root/.spamassassin" for user state dir [22282] dbg: config: using "/root/.spamassassin/user_prefs" for user prefs file [22282] dbg: config: read file /root/.spamassassin/user_prefs [22282] dbg: plugin: loading Mail::SpamAssassin::Plugin::DCC from @INC [22282] dbg: dcc: network tests on, registering DCC [22282] dbg: plugin: registered Mail::SpamAssassin::Plugin::DCC=HASH(0x915b894) [22282] dbg: plugin: loading Mail::SpamAssassin::Plugin::Pyzor from @INC [22282] dbg: pyzor: network tests on, attempting Pyzor [22282] dbg: plugin: registered Mail::SpamAssassin::Plugin::Pyzor=HASH(0xa2a124c) [22282] dbg: plugin: loading Mail::SpamAssassin::Plugin::SpamCop from @INC [22282] dbg: reporter: network tests on, attempting SpamCop [22282] dbg: plugin: registered Mail::SpamAssassin::Plugin::SpamCop=HASH(0xa2f09f0) [22282] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from @INC [22282] dbg: plugin: registered Mail::SpamAssassin::Plugin::AWL=HASH(0xa2b113c) [22282] dbg: plugin: loading Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC [22282] dbg: plugin: registered Mail::SpamAssassin::Plugin::AutoLearnThreshold=HASH(0xa2d4478) [22282] dbg: plugin: loading Mail::SpamAssassin::Plugin::WhiteListSubject from @INC [22282] dbg: plugin: registered Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0xa2d4eec) [22282] dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEHeader from @INC [22282] dbg: plugin: registered Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0xa2d5b88) [22282] dbg: plugin: loading Mail::SpamAssassin::Plugin::ReplaceTags from @INC [22282] dbg: plugin: registered Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0xa2d6c08) [22282] dbg: plugin: loading Mail::SpamAssassin::Plugin::RelayCountry from @INC [22282] dbg: plugin: registered Mail::SpamAssassin::Plugin::RelayCountry=HASH(0xa2d7484) [22282] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC [22282] dbg: plugin: registered Mail::SpamAssassin::Plugin::SPF=HASH(0xa37a224) [22282] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC [22282] dbg: plugin: registered Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa3b0b48) [22282] dbg: config: adding redirector regex: /^http:\/\/chkpt\.zdnet\.com\/chkpt\/\w+\/(.*)$/i [22282] dbg: config: adding redirector regex: /^http:\/\/www(?:\d+)?\.nate\.com\/r\/\w+\/(.*)$/i [22282] dbg: config: adding redirector regex: /^http:\/\/.+\.gov\/(?:.*\/)?externalLink\.jhtml\?.*url=(.*?)(?:&.*)?$/i [22282] dbg: config: adding redirector regex: /^http:\/\/redir\.internet\.com\/.+?\/.+?\/(.*)$/i [22282] dbg: config: adding redirector regex: /^http:\/\/(?:.*?\.)?adtech\.de\/.*(?:;|\|)link=(.*?)(?:;|$)/i [22282] dbg: config: adding redirector regex: m'^http.*?/redirect\.php\?.*(?<=[?&])goto=(.*?)(?:$|[&\#])'i [22282] dbg: config: adding redirector regex: m'^https?:/*(?:[^/]+\.)?emf\d\.com/r\.cfm.*?&r=(.*)'i [22282] dbg: plugin: Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0xa2d6c08) implements 'finish_parsing_end' [22282] dbg: replacetags: replacing tags [22282] dbg: replacetags: done replacing tags [22282] dbg: bayes: tie-ing to DB file R/O /etc/MailScanner/bayes/bayes_toks [22282] dbg: bayes: tie-ing to DB file R/O /etc/MailScanner/bayes/bayes_seen [22282] dbg: bayes: found bayes db version 3 [22282] dbg: bayes: DB journal sync: last sync: 1139246302 [22282] dbg: config: score set 3 chosen. [22282] dbg: message: ---- MIME PARSER START ---- [22282] dbg: message: main message type: text/plain [22282] dbg: message: parsing normal part [22282] dbg: message: added part, type: text/plain [22282] dbg: message: ---- MIME PARSER END ---- [22282] dbg: dns: dns_available set to yes in config file, skipping test [22282] dbg: metadata: X-Spam-Relays-Trusted: [22282] dbg: metadata: X-Spam-Relays-Untrusted: [22282] dbg: plugin: Mail::SpamAssassin::Plugin::RelayCountry=HASH(0xa2d7484) implements 'extract_metadata' [22282] dbg: metadata: X-Relay-Countries: [22282] dbg: message: no encoding detected [22282] dbg: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa3b0b48) implements 'parsed_metadata' [22282] dbg: uridnsbl: domains to query: [22282] dbg: dns: checking RBL sbl-xbl.spamhaus.org., set sblxbl-notfirsthop [22282] dbg: dns: checking RBL sa-accredit.habeas.com., set habeas-firsttrusted [22282] dbg: dns: checking RBL sbl-xbl.spamhaus.org., set sblxbl [22282] dbg: dns: checking RBL sa-other.bondedsender.org., set bsp-untrusted [22282] dbg: dns: checking RBL combined.njabl.org., set njabl-notfirsthop [22282] dbg: dns: checking RBL combined.njabl.org., set njabl [22282] dbg: dns: checking RBL combined-HIB.dnsiplists.completewhois.com., set whois [22282] dbg: dns: checking RBL list.dsbl.org., set dsbl-notfirsthop [22282] dbg: dns: checking RBL bl.spamcop.net., set spamcop [22282] dbg: dns: checking RBL sa-trusted.bondedsender.org., set bsp-firsttrusted [22282] dbg: dns: checking RBL combined-HIB.dnsiplists.completewhois.com., set whois-notfirsthop [22282] dbg: dns: checking RBL dnsbl.sorbs.net., set sorbs-notfirsthop [22282] dbg: dns: checking RBL dnsbl.sorbs.net., set sorbs [22282] dbg: dns: checking RBL iadb.isipp.com., set iadb-firsttrusted [22282] dbg: check: running tests for priority: 0 [22282] dbg: rules: running header regexp tests; score so far=0 [22282] dbg: rules: ran header rule __HAS_MSGID ======> got hit: "<" [22282] dbg: rules: ran header rule __SANE_MSGID ======> got hit: "<1139246387@lint_rules> [22282] dbg: rules: " [22282] dbg: rules: ran header rule __MSGID_OK_HOST ======> got hit: "@lint_rules>" [22282] dbg: rules: ran header rule NO_REAL_NAME ======> got hit: "ignore@compiling.spamassassin.taint.org [22282] dbg: rules: " [22282] dbg: rules: ran header rule __MSGID_OK_DIGITS ======> got hit: "1139246387" [22282] dbg: plugin: registering glue method for check_for_spf_helo_pass (Mail::SpamAssassin::Plugin::SPF=HASH(0xa37a224)) [22282] dbg: spf: message was delivered entirely via trusted relays, not required [22282] dbg: eval: all '*From' addrs: ignore@compiling.spamassassin.taint.org [22282] dbg: plugin: registering glue method for check_subject_in_blacklist (Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0xa2d4eec)) [22282] dbg: eval: all '*To' addrs: [22282] dbg: plugin: registering glue method for check_for_spf_neutral (Mail::SpamAssassin::Plugin::SPF=HASH(0xa37a224)) [22282] dbg: spf: message was delivered entirely via trusted relays, not required [22282] dbg: plugin: registering glue method for check_for_spf_softfail (Mail::SpamAssassin::Plugin::SPF=HASH(0xa37a224)) [22282] dbg: rules: ran eval rule NO_RELAYS ======> got hit [22282] dbg: plugin: registering glue method for check_for_spf_pass (Mail::SpamAssassin::Plugin::SPF=HASH(0xa37a224)) [22282] dbg: plugin: registering glue method for check_for_spf_helo_softfail (Mail::SpamAssassin::Plugin::SPF=HASH(0xa37a224)) [22282] dbg: plugin: registering glue method for check_for_def_spf_whitelist_from (Mail::SpamAssassin::Plugin::SPF=HASH(0xa37a224)) [22282] dbg: spf: cannot get Envelope-From, cannot use SPF [22282] dbg: spf: def_spf_whitelist_from: could not find useable envelope sender [22282] dbg: plugin: registering glue method for check_for_spf_fail (Mail::SpamAssassin::Plugin::SPF=HASH(0xa37a224)) [22282] dbg: rules: ran eval rule __UNUSABLE_MSGID ======> got hit [22282] dbg: plugin: registering glue method for check_subject_in_whitelist (Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0xa2d4eec)) [22282] dbg: plugin: registering glue method for check_for_spf_whitelist_from (Mail::SpamAssassin::Plugin::SPF=HASH(0xa37a224)) [22282] dbg: spf: spf_whitelist_from: could not find useable envelope sender [22282] dbg: rules: running body-text per-line regexp tests; score so far=0.96 [22282] dbg: rules: ran body rule __NONEMPTY_BODY ======> got hit: "I" [22282] dbg: uri: running uri tests; score so far=0.96 [22282] dbg: bayes: DB journal sync: last sync: 1139246302 [22282] dbg: bayes: corpus size: nspam = 92853, nham = 854129 [22282] dbg: bayes: score = 0.121500989732988 [22282] dbg: bayes: DB journal sync: last sync: 1139246302 [22282] dbg: bayes: untie-ing [22282] dbg: bayes: untie-ing db_toks [22282] dbg: bayes: untie-ing db_seen [22282] dbg: plugin: registering glue method for check_uridnsbl (Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa3b0b48)) [22282] dbg: rules: ran eval rule BAYES_20 ======> got hit [22282] dbg: rules: running raw-body-text per-line regexp tests; score so far=0.22 [22282] dbg: rules: running full-text regexp tests; score so far=0.22 [22282] dbg: plugin: registering glue method for check_pyzor (Mail::SpamAssassin::Plugin::Pyzor=HASH(0xa2a124c)) [22282] dbg: pyzor: pyzor is available: /usr/bin/pyzor [22282] dbg: info: entering helper-app run mode [22282] dbg: pyzor: opening pipe: /usr/bin/pyzor check < /tmp/.spamassassin22282pJYxu8tmp [22286] dbg: util: setuid: ruid=0 euid=0 [22282] dbg: pyzor: [22286] finished: exit=0x0100 [22282] dbg: pyzor: got response: 66.250.40.33:24441_(200, 'OK')_0_0 [22282] dbg: info: leaving helper-app run mode [22282] dbg: plugin: registering glue method for check_dcc (Mail::SpamAssassin::Plugin::DCC=HASH(0x915b894)) [22282] dbg: dcc: dccifd is available: /var/dcc/dccifd [22282] dbg: info: entering helper-app run mode [22282] dbg: dcc: dccifd got response: X-DCC-sonic.net-Metrics: mx10.twu.ca 1117; Body=73064 Fuz1=73064 Fuz2=176837 [22282] dbg: info: leaving helper-app run mode [22282] dbg: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa3b0b48) implements 'check_tick' [22282] dbg: check: running tests for priority: 500 [22282] dbg: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa3b0b48) implements 'check_post_dnsbl' [22282] dbg: rules: running meta tests; score so far=0.22 [22282] dbg: rules: running header regexp tests; score so far=2.166 [22282] dbg: rules: running body-text per-line regexp tests; score so far=2.166 [22282] dbg: uri: running uri tests; score so far=2.166 [22282] dbg: rules: running raw-body-text per-line regexp tests; score so far=2.166 [22282] dbg: rules: running full-text regexp tests; score so far=2.166 [22282] dbg: check: running tests for priority: 1000 [22282] dbg: rules: running meta tests; score so far=2.166 [22282] dbg: rules: running header regexp tests; score so far=2.166 [22282] dbg: plugin: registering glue method for check_from_in_auto_whitelist (Mail::SpamAssassin::Plugin::AWL=HASH(0xa2b113c)) [22282] dbg: rules: running body-text per-line regexp tests; score so far=2.166 [22282] dbg: uri: running uri tests; score so far=2.166 [22282] dbg: rules: running raw-body-text per-line regexp tests; score so far=2.166 [22282] dbg: rules: running full-text regexp tests; score so far=2.166 [22282] dbg: check: is spam? score=2.166 required=5 [22282] dbg: check: tests=BAYES_20,MISSING_SUBJECT,NO_REAL_NAME,NO_RECEIVED,NO_RELAYS,TO_CC_NONE [22282] dbg: check: subtests=__HAS_MSGID,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__NONEMPTY_BODY,__SANE_MSGID,__UNUSABLE_MSGID From Edge at twu.ca Mon Feb 6 17:30:09 2006 From: Edge at twu.ca (Richard Edge) Date: Mon Feb 6 17:31:11 2006 Subject: ALL_TRUSTED problems Message-ID: Hi Scott, I tried your suggestion, but still no joy. Thanks anyways. Richard Edge Senior Systems Administrator | Technology Services Trinity Western University | t: 604.513.2089 f: 604.513.2038 | e: edge twu.ca| www.twu.ca/technology -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Scott Silva Sent: Thursday, February 02, 2006 11:49 AM To: mailscanner@lists.mailscanner.info Subject: Re: ALL_TRUSTED problems > > The version in 3.0.0-3.0.4 will false-fire with ALL_TRUSTED if there > are no parseable headers. > -- This thread has gotten very confusing! I take it there are 2 people with a similar problem, but more than likely 2 different solutions. I had a problem with a spamassassin install sometime back where it was defaulting to looking for its rules in /usr/etc/mail/spamassassin. It took days to track this down. If you have this problem, I fixed it with a symlink from /usr/etc/mail/spamassassin pointing to /etc/mail/spamassassin. Maybe way off, but a guess s all I have... From listacct at tulsaconnect.com Mon Feb 6 17:45:56 2006 From: listacct at tulsaconnect.com (TCIS List Acct) Date: Mon Feb 6 17:45:51 2006 Subject: 4.50.15 - Big problems on FreeBSD / exim In-Reply-To: <018e01c62b40$05394b20$3004010a@martinhlaptop> References: <018e01c62b40$05394b20$3004010a@martinhlaptop> Message-ID: <43E78B54.6040709@tulsaconnect.com> Martin Hepworth wrote: > > Another thing that might have got you is permission on the new SA cache. > > Make sure the exim user (mailnull????) can write to the file and directory. > I *think* it gets created by the install routine, but that may be for the > wrong user of you run an MTA like exim or PF that doesn't normally run as > root. > > I'm running all this on FBSD no problems.. Yes, I checked that, and the file existed and the permissions were correct.. -- ----------------------------------------- Mike Bacher / listacct@tulsaconnect.com TCIS - TulsaConnect Internet Services http://www.tulsaconnect.com ----------------------------------------- From realmcking at gmail.com Mon Feb 6 17:48:09 2006 From: realmcking at gmail.com (Mark McCoy) Date: Mon Feb 6 17:48:12 2006 Subject: We need to do some cleanup in the wiki... In-Reply-To: <814A6FA0-5B3B-4E93-BA55-DBC23252D998@ecs.soton.ac.uk> References: <223f97700602060250y34bea22ak@mail.gmail.com> <814A6FA0-5B3B-4E93-BA55-DBC23252D998@ecs.soton.ac.uk> Message-ID: On 2/6/06, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- :snip: > One major thing that needs (re)-writing is a Solaris installation > guide. The current one (which I wrote a long time ago) is totally out > of date and useless. I might well just remove it completely. I have > someone doing a Solaris install at the moment, and being a newbie to > Solaris he is hitting every problem in the book. So hopefully his > writeup will be useful to other Solaris users. I am also a mailscanner newb installing on Solaris 9 and I would be glad to contribute my experiences. I have just today downloaded 4.5 onto my workstation to test how the setup works before installing it onto a test box. MS was recommended by my boss (he used it before at a previous job) as something to replace the existiing "that's-just-what-they-used-when-I-got-here" mimedefang filter. -- Mark McCoy -- Professional Unix geek "On two occasions I have been asked, 'Pray, Mr. Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question. " -- Charles Babbage From Edge at twu.ca Mon Feb 6 18:03:35 2006 From: Edge at twu.ca (Richard Edge) Date: Mon Feb 6 18:03:46 2006 Subject: More problems than just ALL_TRusted Message-ID: Well it looks like I have a few other issues here that may or may not be part of my mailscanner.cf file not being read. I upgraded MailScanner this morning from 4.50.14-2 beta to 4.50.12 stable and now after running MailScanner --lint and --debug I am seeing some errors. I had run the debug option on previous installs of MailScanner (after every upgrade) without problems, but with this new version I am seeing errors I have never seen before. On mx10.twu.ca --lint shows: [root@mx10 root]# MailScanner --lint Could not read file /var/run/MailScanner.pid at /usr/lib/MailScanner/MailScanner/Config.pm line 2278 Error in line 157, file "/var/run/MailScanner.pid" for pidfile does not exist (or can not be read) at /usr/lib/MailScanner/MailScanner/Config.pm line 2440 Syntax error in line 1480, value "" for spamblacklist is not one of allowed values "yes","no" at /usr/lib/MailScanner/MailScanner/Config.pm line 2360 Syntax error in line 1473, value "" for spamwhitelist is not one of allowed values "yes","no" at /usr/lib/MailScanner/MailScanner/Config.pm line 2360 Possible syntax error on line 26 of /etc/MailScanner/filename.rules.conf at /usr/lib/MailScanner/MailScanner/Config.pm line 1274 Remember to separate fields with tab characters! at /usr/lib/MailScanner/MailScanner/Config.pm line 1276 Read 702 hostnames from the phishing whitelist Config: calling custom init function MailWatchLogging Cannot write pid file , No such file or directory at /usr/sbin/MailScanner line 1238 MailScanner setting GID to (89) MailScanner setting UID to (89) Checking for SpamAssassin errors (if you use it)... Using SpamAssassin results cache Connected to SpamAssassin cache database config: warning: score set for non-existent rule FUZZY_GUARANTEE config: warning: score set for non-existent rule FUZZY_BILLION config: warning: score set for non-existent rule FUZZY_XPILL config: warning: score set for non-existent rule FUZZY_PRESCRIPT config: warning: score set for non-existent rule FUZZY_SOFTWARE config: warning: score set for non-existent rule SUBJECT_FUZZY_TION config: warning: score set for non-existent rule FUZZY_PHARMACY config: warning: score set for non-existent rule FUZZY_TRAMADOL config: warning: score set for non-existent rule FUZZY_OFFERS config: warning: score set for non-existent rule SUBJECT_FUZZY_VPILL config: warning: score set for non-existent rule FUZZY_MEDICATION config: warning: score set for non-existent rule FUZZY_CREDIT config: warning: score set for non-existent rule FUZZY_THOUSANDS config: warning: score set for non-existent rule FUZZY_CPILL config: warning: score set for non-existent rule FUZZY_OBLIGATION config: warning: score set for non-existent rule SUBJECT_FUZZY_PENIS config: warning: score set for non-existent rule FUZZY_MONEY config: warning: score set for non-existent rule SUBJECT_FUZZY_MEDS config: warning: score set for non-existent rule FUZZY_CELEBREX config: warning: score set for non-existent rule FUZZY_FOLLOW config: warning: score set for non-existent rule FUZZY_PLEASE config: warning: score set for non-existent rule FUZZY_VICODIN config: warning: score set for non-existent rule FUZZY_ERECT config: warning: score set for non-existent rule FUZZY_VLIUM config: warning: score set for non-existent rule FUZZY_MILLION config: warning: score set for non-existent rule FUZZY_AFFORDABLE config: warning: score set for non-existent rule FUZZY_REMOVE config: warning: score set for non-existent rule FUZZY_ROLEX config: warning: score set for non-existent rule FUZZY_AMBIEN config: warning: score set for non-existent rule FUZZY_MORTGAGE config: warning: score set for non-existent rule FUZZY_PRICES config: warning: score set for non-existent rule FUZZY_REFINANCE config: warning: score set for non-existent rule FUZZY_VIOXX config: warning: score set for non-existent rule SUBJECT_FUZZY_CHEAP config: warning: score set for non-existent rule FUZZY_VPILL config: warning: score set for non-existent rule FUZZY_PHENT config: warning: score set for non-existent rule FUZZY_MILF SpamAssassin reported an error. MailScanner.conf says "Virus Scanners = clamavmodule mcafee" Found these virus scanners installed: clamavmodule, mcafee ------------------------- MailScanner --debug shows: -------------------------- In Debugging mode, not forking... Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin.pm line 1008. Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin.pm line 1010. LibClamAV Warning: ******************************************************** LibClamAV Warning: *** This version of the ClamAV engine is outdated. *** LibClamAV Warning: *** DON'T PANIC! Read http://www.clamav.net/faq.html *** LibClamAV Warning: ******************************************************** Ignore errors about failing to find EOCD signature ---------------- And it freezes at the above line. On mx20.twu.ca MailScanner --lint and debug gives me: ---------------- [root@mx20 MailScanner]# MailScanner --lint Cannot open config file --lint, No such file or directory at /usr/lib/MailScanner/MailScanner/Config.pm line 597. Compilation failed in require at /usr/sbin/MailScanner line 67. BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 67. ---------------- During the install (I used install.sh and RPM package) I didn't noticed any errors that would cause me to think there was a problem with the install. Now I am even more kerfuffled. I have upgrade from 4.37 with every new stable release and two of the 4.50 betas without any problems previously other then the ALL_TRUSTED issues I have a;ready reported. The odd thing is that email is being received, scanned and forwarded on to our Exchange servers fine. Richard Edge Senior Systems Administrator | Technology Services Trinity Western University | t: 604.513.2089 f: 604.513.2038 | e: edge twu.ca| www.twu.ca/technology From listacct at tulsaconnect.com Mon Feb 6 18:12:21 2006 From: listacct at tulsaconnect.com (TCIS List Acct) Date: Mon Feb 6 18:12:16 2006 Subject: 4.50.15 - Big problems on FreeBSD / exim In-Reply-To: <43E77E8F.5000300@ecs.soton.ac.uk> References: <43E77B62.20805@tulsaconnect.com> <43E77E8F.5000300@ecs.soton.ac.uk> Message-ID: <43E79185.90401@tulsaconnect.com> Julian Field wrote: > The only thing I can think of is the SpamAssassin cache. Try switching > it off and see if performance improves. I see the problem now: PID USERNAME PRI NICE SIZE RES STATE C TIME WCPU CPU COMMAND 49938 root -2 0 180M 112M getblk 0 0:02 17.57% 9.28% perl 49826 root -2 0 515M 262M getblk 0 0:04 9.73% 8.54% perl 49870 root 28 0 515M 266M pfault 2 0:04 10.66% 8.40% perl 49530 root -2 0 515M 423M getblk 2 0:06 7.99% 7.81% perl 49993 root 28 0 360M 181M pfault 0 0:01 9.32% 3.08% perl 50000 root 28 0 22572K 14708K pfault 0 0:00 19.48% 1.86% perl The perl processes are taking massive amounts of RAM on 4.50.15. I'll try turning off the SA caching and see if that makes any difference. FWIW: Summary of my perl5 (revision 5.0 version 8 subversion 2) configuration: Platform: osname=freebsd, osvers=4.9-release, archname=i386-freebsd -- ----------------------------------------- Mike Bacher / listacct@tulsaconnect.com TCIS - TulsaConnect Internet Services http://www.tulsaconnect.com ----------------------------------------- From MailScanner at ecs.soton.ac.uk Mon Feb 6 18:16:32 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Feb 6 18:16:41 2006 Subject: More problems than just ALL_TRusted In-Reply-To: References: Message-ID: <43E79280.4090003@ecs.soton.ac.uk> How many of these errors have you addressed? Ignore the ones about the pid file, I have fixed that today. But the others are ones you should address. Richard Edge wrote: > Well it looks like I have a few other issues here that may or may not be > part of my mailscanner.cf file not being read. I upgraded MailScanner > this morning from 4.50.14-2 beta to 4.50.12 stable and now after running > MailScanner --lint and --debug I am seeing some errors. I had run the > debug option on previous installs of MailScanner (after every upgrade) > without problems, but with this new version I am seeing errors I have > never seen before. > > On mx10.twu.ca --lint shows: > > [root@mx10 root]# MailScanner --lint > Could not read file /var/run/MailScanner.pid at > /usr/lib/MailScanner/MailScanner/Config.pm line 2278 > Error in line 157, file "/var/run/MailScanner.pid" for pidfile does not > exist (or can not be read) at /usr/lib/MailScanner/MailScanner/Config.pm > line 2440 > Syntax error in line 1480, value "" for spamblacklist is not one of > allowed values "yes","no" at /usr/lib/MailScanner/MailScanner/Config.pm > line 2360 > Syntax error in line 1473, value "" for spamwhitelist is not one of > allowed values "yes","no" at /usr/lib/MailScanner/MailScanner/Config.pm > line 2360 > Possible syntax error on line 26 of /etc/MailScanner/filename.rules.conf > at /usr/lib/MailScanner/MailScanner/Config.pm line 1274 > Remember to separate fields with tab characters! at > /usr/lib/MailScanner/MailScanner/Config.pm line 1276 > Read 702 hostnames from the phishing whitelist > Config: calling custom init function MailWatchLogging > Cannot write pid file , No such file or directory at > /usr/sbin/MailScanner line 1238 > MailScanner setting GID to (89) > MailScanner setting UID to (89) > Checking for SpamAssassin errors (if you use it)... > Using SpamAssassin results cache > Connected to SpamAssassin cache database > config: warning: score set for non-existent rule FUZZY_GUARANTEE > config: warning: score set for non-existent rule FUZZY_BILLION > config: warning: score set for non-existent rule FUZZY_XPILL > config: warning: score set for non-existent rule FUZZY_PRESCRIPT > config: warning: score set for non-existent rule FUZZY_SOFTWARE > config: warning: score set for non-existent rule SUBJECT_FUZZY_TION > config: warning: score set for non-existent rule FUZZY_PHARMACY > config: warning: score set for non-existent rule FUZZY_TRAMADOL > config: warning: score set for non-existent rule FUZZY_OFFERS > config: warning: score set for non-existent rule SUBJECT_FUZZY_VPILL > config: warning: score set for non-existent rule FUZZY_MEDICATION > config: warning: score set for non-existent rule FUZZY_CREDIT > config: warning: score set for non-existent rule FUZZY_THOUSANDS > config: warning: score set for non-existent rule FUZZY_CPILL > config: warning: score set for non-existent rule FUZZY_OBLIGATION > config: warning: score set for non-existent rule SUBJECT_FUZZY_PENIS > config: warning: score set for non-existent rule FUZZY_MONEY > config: warning: score set for non-existent rule SUBJECT_FUZZY_MEDS > config: warning: score set for non-existent rule FUZZY_CELEBREX > config: warning: score set for non-existent rule FUZZY_FOLLOW > config: warning: score set for non-existent rule FUZZY_PLEASE > config: warning: score set for non-existent rule FUZZY_VICODIN > config: warning: score set for non-existent rule FUZZY_ERECT > config: warning: score set for non-existent rule FUZZY_VLIUM > config: warning: score set for non-existent rule FUZZY_MILLION > config: warning: score set for non-existent rule FUZZY_AFFORDABLE > config: warning: score set for non-existent rule FUZZY_REMOVE > config: warning: score set for non-existent rule FUZZY_ROLEX > config: warning: score set for non-existent rule FUZZY_AMBIEN > config: warning: score set for non-existent rule FUZZY_MORTGAGE > config: warning: score set for non-existent rule FUZZY_PRICES > config: warning: score set for non-existent rule FUZZY_REFINANCE > config: warning: score set for non-existent rule FUZZY_VIOXX > config: warning: score set for non-existent rule SUBJECT_FUZZY_CHEAP > config: warning: score set for non-existent rule FUZZY_VPILL > config: warning: score set for non-existent rule FUZZY_PHENT > config: warning: score set for non-existent rule FUZZY_MILF > SpamAssassin reported an error. > > MailScanner.conf says "Virus Scanners = clamavmodule mcafee" > Found these virus scanners installed: clamavmodule, mcafee > ------------------------- > > MailScanner --debug shows: > > -------------------------- > > In Debugging mode, not forking... > Use of uninitialized value in concatenation (.) or string at > /usr/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin.pm line 1008. > Use of uninitialized value in concatenation (.) or string at > /usr/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin.pm line 1010. > LibClamAV Warning: > ******************************************************** > LibClamAV Warning: *** This version of the ClamAV engine is outdated. > *** > LibClamAV Warning: *** DON'T PANIC! Read http://www.clamav.net/faq.html > *** > LibClamAV Warning: > ******************************************************** > Ignore errors about failing to find EOCD signature > ---------------- > > And it freezes at the above line. On mx20.twu.ca MailScanner --lint and > debug gives me: > > ---------------- > [root@mx20 MailScanner]# MailScanner --lint > Cannot open config file --lint, No such file or directory at > /usr/lib/MailScanner/MailScanner/Config.pm line 597. > Compilation failed in require at /usr/sbin/MailScanner line 67. > BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 67. > ---------------- > > During the install (I used install.sh and RPM package) I didn't noticed > any errors that would cause me to think there was a problem with the > install. Now I am even more kerfuffled. > > I have upgrade from 4.37 with every new stable release and two of the > 4.50 betas without any problems previously other then the ALL_TRUSTED > issues I have a;ready reported. The odd thing is that email is being > received, scanned and forwarded on to our Exchange servers fine. > > Richard Edge > Senior Systems Administrator | Technology Services > Trinity Western University | t: 604.513.2089 > f: 604.513.2038 | e: edge twu.ca| www.twu.ca/technology > > > > > > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mailscanner at yeticomputers.com Mon Feb 6 18:24:31 2006 From: mailscanner at yeticomputers.com (Rick Chadderdon) Date: Mon Feb 6 18:24:51 2006 Subject: permissions problem on startup In-Reply-To: <84B37A2A-C8BA-4F1B-979C-A116E51156B6@jolet.net> References: <46E37D27-F082-48B7-B007-AE25597F9D01@jolet.net> <43E5F782.7020005@ecs.soton.ac.uk> <43E5FF39.10909@ecs.soton.ac.uk> <84B37A2A-C8BA-4F1B-979C-A116E51156B6@jolet.net> Message-ID: <43E7945F.1020806@yeticomputers.com> I ended up having to give the postfix user a shell, su to postfix and then run check_mailscanner. Sounds like what you finally did. I kept having little glitches with that machine, though. Nothing serious, just little things like having to jump through odd hoops to launch MailScanner... perldoc would never work, claiming it was missing modules that *were* installed... There were a few other strange problems, always involving perl apps. I'm guessing that the problem was one of mangled permissions somewhere deep in the perl tree, but I never found out. I finally decided that Gentoo simply requires too much babysitting for me to want to use it on a production server. Last week I put together a Centos 4.2 box, moved all of the mail over there, installed the latest MailScanner and everything was fine. I really like a lot of things about Gentoo, but it's little things like this that have made me pull it off all of my production servers. The primary mailserver was the last holdout. Just curious: Do *you* get an error if you try 'postdoc postdoc'? Rick John Jolet wrote: >>> yeah, I thought of that. If I give postfix a shell, su - postfix I >>> can view the file just fine. It appeared to me when I looked at >>> that module that it was mostly concerned with ldap servers. was I >>> incorrect? I don't have any, and that portion of the config file >>> is commented out. just grasping at straws at this point. >> >> >> I would not advise you try to work out how the configuration >> compiler works, it's pretty complex. :-) >> >> If you do su - postfix then cd / then cd down each dir to the file's >> location, does that all work at every step? > > yes, it does. That gave me an idea, however. su - postfix from > root, THEN run check_mailscanner, and it works. so I can start it as > postfix if i'm postfix. I guess I can handle that.....but it's still > odd. From mailscanner at yeticomputers.com Mon Feb 6 18:46:33 2006 From: mailscanner at yeticomputers.com (Rick Chadderdon) Date: Mon Feb 6 18:46:55 2006 Subject: permissions problem on startup In-Reply-To: <43E7945F.1020806@yeticomputers.com> References: <46E37D27-F082-48B7-B007-AE25597F9D01@jolet.net> <43E5F782.7020005@ecs.soton.ac.uk> <43E5FF39.10909@ecs.soton.ac.uk> <84B37A2A-C8BA-4F1B-979C-A116E51156B6@jolet.net> <43E7945F.1020806@yeticomputers.com> Message-ID: <43E79989.5080900@yeticomputers.com> I, of course, meant 'perldoc perldoc'. (sigh) Rick Chadderdon wrote: > Just curious: Do *you* get an error if you try 'postdoc postdoc'? > From mkettler at evi-inc.com Mon Feb 6 19:00:59 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Mon Feb 6 19:01:15 2006 Subject: More problems than just ALL_TRusted In-Reply-To: References: Message-ID: <43E79CEB.9050200@evi-inc.com> Richard Edge wrote: > config: warning: score set for non-existent rule FUZZY_GUARANTEE > config: warning: score set for non-existent rule FUZZY_BILLION Those warnings sound like the ReplaceTags plugin isn't loaded.. Check your /etc/mail/spamassassin/v310.pre for: loadplugin Mail::SpamAssassin::Plugin::ReplaceTags It's a bit of a bug in SA 3.1.0 that disabling this plugin isn't handled gracefully. Then again, I can't see why anyone would want to disable this plugin if they understood it. It's low overhead and very useful. From Edge at twu.ca Mon Feb 6 19:19:23 2006 From: Edge at twu.ca (Richard Edge) Date: Mon Feb 6 19:19:58 2006 Subject: More problems than just ALL_TRusted Message-ID: I have looked at the following: > Syntax error in line 1480, value "" for spamblacklist is not one of > allowed values "yes","no" at > /usr/lib/MailScanner/MailScanner/Config.pm > line 2360 My line 1480 is 'Is Definitely Spam = $SQLBlacklist' and is the same as my mx20 config. > Syntax error in line 1473, value "" for spamwhitelist is not one of > allowed values "yes","no" at > /usr/lib/MailScanner/MailScanner/Config.pm > line 2360 My line 1473 shows 'Is Definitely Not Spam = $SQLWhitelist' which is exactly what the same line on my config file on mx20.twu.ca and is supposed be set to this for MailWatch. > Possible syntax error on line 26 of > /etc/MailScanner/filename.rules.conf > at /usr/lib/MailScanner/MailScanner/Config.pm line 1274 Remember to > separate fields with tab characters! at > /usr/lib/MailScanner/MailScanner/Config.pm line 1276 Read 702 My line 26 in /etc/MailScanner/filename.rules.conf shows '/etc/MailScanner/filename.rules.conf' which was not added by me, but is a part of your base file setup. The only changes I made in this file was to comment out the winmail, .bmp,.ico, .ani, .cur, and .hlp deny lines a couple of versions ago. I don't know where the 'warning: score set for non-existent rule' lines are coming from since I do not recognize any of these rules. They are not scores I have set anywhere. Richard Edge Senior Systems Administrator | Technology Services Trinity Western University | t: 604.513.2089 f: 604.513.2038 | e: edge twu.ca| www.twu.ca/technology -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Monday, February 06, 2006 10:17 AM To: MailScanner discussion Subject: Re: More problems than just ALL_TRusted How many of these errors have you addressed? Ignore the ones about the pid file, I have fixed that today. But the others are ones you should address. Richard Edge wrote: > Well it looks like I have a few other issues here that may or may not > be part of my mailscanner.cf file not being read. I upgraded > MailScanner this morning from 4.50.14-2 beta to 4.50.12 stable and now > after running MailScanner --lint and --debug I am seeing some errors. > I had run the debug option on previous installs of MailScanner (after > every upgrade) without problems, but with this new version I am seeing > errors I have never seen before. > > On mx10.twu.ca --lint shows: > > [root@mx10 root]# MailScanner --lint > Could not read file /var/run/MailScanner.pid at > /usr/lib/MailScanner/MailScanner/Config.pm line 2278 Error in line > 157, file "/var/run/MailScanner.pid" for pidfile does not exist (or > can not be read) at /usr/lib/MailScanner/MailScanner/Config.pm > line 2440 > Syntax error in line 1480, value "" for spamblacklist is not one of > allowed values "yes","no" at > /usr/lib/MailScanner/MailScanner/Config.pm > line 2360 > Syntax error in line 1473, value "" for spamwhitelist is not one of > allowed values "yes","no" at > /usr/lib/MailScanner/MailScanner/Config.pm > line 2360 > Possible syntax error on line 26 of > /etc/MailScanner/filename.rules.conf > at /usr/lib/MailScanner/MailScanner/Config.pm line 1274 Remember to > separate fields with tab characters! at > /usr/lib/MailScanner/MailScanner/Config.pm line 1276 Read 702 > hostnames from the phishing whitelist > Config: calling custom init function MailWatchLogging Cannot write pid > file , No such file or directory at /usr/sbin/MailScanner line 1238 > MailScanner setting GID to (89) MailScanner setting UID to (89) > Checking for SpamAssassin errors (if you use it)... > Using SpamAssassin results cache > Connected to SpamAssassin cache database > config: warning: score set for non-existent rule FUZZY_GUARANTEE > config: warning: score set for non-existent rule FUZZY_BILLION > config: warning: score set for non-existent rule FUZZY_XPILL > config: warning: score set for non-existent rule FUZZY_PRESCRIPT > config: warning: score set for non-existent rule FUZZY_SOFTWARE > config: warning: score set for non-existent rule SUBJECT_FUZZY_TION > config: warning: score set for non-existent rule FUZZY_PHARMACY > config: warning: score set for non-existent rule FUZZY_TRAMADOL > config: warning: score set for non-existent rule FUZZY_OFFERS > config: warning: score set for non-existent rule SUBJECT_FUZZY_VPILL > config: warning: score set for non-existent rule FUZZY_MEDICATION > config: warning: score set for non-existent rule FUZZY_CREDIT > config: warning: score set for non-existent rule FUZZY_THOUSANDS > config: warning: score set for non-existent rule FUZZY_CPILL > config: warning: score set for non-existent rule FUZZY_OBLIGATION > config: warning: score set for non-existent rule SUBJECT_FUZZY_PENIS > config: warning: score set for non-existent rule FUZZY_MONEY > config: warning: score set for non-existent rule SUBJECT_FUZZY_MEDS > config: warning: score set for non-existent rule FUZZY_CELEBREX > config: warning: score set for non-existent rule FUZZY_FOLLOW > config: warning: score set for non-existent rule FUZZY_PLEASE > config: warning: score set for non-existent rule FUZZY_VICODIN > config: warning: score set for non-existent rule FUZZY_ERECT > config: warning: score set for non-existent rule FUZZY_VLIUM > config: warning: score set for non-existent rule FUZZY_MILLION > config: warning: score set for non-existent rule FUZZY_AFFORDABLE > config: warning: score set for non-existent rule FUZZY_REMOVE > config: warning: score set for non-existent rule FUZZY_ROLEX > config: warning: score set for non-existent rule FUZZY_AMBIEN > config: warning: score set for non-existent rule FUZZY_MORTGAGE > config: warning: score set for non-existent rule FUZZY_PRICES > config: warning: score set for non-existent rule FUZZY_REFINANCE > config: warning: score set for non-existent rule FUZZY_VIOXX > config: warning: score set for non-existent rule SUBJECT_FUZZY_CHEAP > config: warning: score set for non-existent rule FUZZY_VPILL > config: warning: score set for non-existent rule FUZZY_PHENT > config: warning: score set for non-existent rule FUZZY_MILF > SpamAssassin reported an error. > > MailScanner.conf says "Virus Scanners = clamavmodule mcafee" > Found these virus scanners installed: clamavmodule, mcafee > ------------------------- > > MailScanner --debug shows: > > -------------------------- > > In Debugging mode, not forking... > Use of uninitialized value in concatenation (.) or string at > /usr/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin.pm line 1008. > Use of uninitialized value in concatenation (.) or string at > /usr/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin.pm line 1010. > LibClamAV Warning: > ******************************************************** > LibClamAV Warning: *** This version of the ClamAV engine is outdated. > *** > LibClamAV Warning: *** DON'T PANIC! Read > http://www.clamav.net/faq.html > *** > LibClamAV Warning: > ******************************************************** > Ignore errors about failing to find EOCD signature > ---------------- > > And it freezes at the above line. On mx20.twu.ca MailScanner --lint > and debug gives me: > > ---------------- > [root@mx20 MailScanner]# MailScanner --lint Cannot open config file > --lint, No such file or directory at > /usr/lib/MailScanner/MailScanner/Config.pm line 597. > Compilation failed in require at /usr/sbin/MailScanner line 67. > BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 67. > ---------------- > > During the install (I used install.sh and RPM package) I didn't > noticed any errors that would cause me to think there was a problem > with the install. Now I am even more kerfuffled. > > I have upgrade from 4.37 with every new stable release and two of the > 4.50 betas without any problems previously other then the ALL_TRUSTED > issues I have a;ready reported. The odd thing is that email is being > received, scanned and forwarded on to our Exchange servers fine. > > Richard Edge > Senior Systems Administrator | Technology Services Trinity Western > University | t: 604.513.2089 > f: 604.513.2038 | e: edge twu.ca| www.twu.ca/technology > > > > > > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From Edge at twu.ca Mon Feb 6 19:38:02 2006 From: Edge at twu.ca (Richard Edge) Date: Mon Feb 6 19:40:20 2006 Subject: More problems than just ALL_TRusted Message-ID: I don't have a v310.pre. I have a init.pre and an init.pre.pre-v310 on both gateways. Both files have identical contents except for some extra 'loadplugin Mail::SpamAssassin::Plugin::RelayCountry', 'loadplugin Mail::SpamAssassin::Plugin::SPF' and 'loadplugin Mail::SpamAssassin::Plugin::URIDNSBL' lines ininit.pre.pre-v310.pre. The 'loadplugin Mail::SpamAssassin::Plugin::ReplaceTags' is uncommented in init.pre. Richard Edge Senior Systems Administrator | Technology Services Trinity Western University | t: 604.513.2089 f: 604.513.2038 | e: edge twu.ca| www.twu.ca/technology -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Matt Kettler Sent: Monday, February 06, 2006 11:01 AM To: MailScanner discussion Subject: Re: More problems than just ALL_TRusted Richard Edge wrote: > config: warning: score set for non-existent rule FUZZY_GUARANTEE > config: warning: score set for non-existent rule FUZZY_BILLION Those warnings sound like the ReplaceTags plugin isn't loaded.. Check your /etc/mail/spamassassin/v310.pre for: loadplugin Mail::SpamAssassin::Plugin::ReplaceTags It's a bit of a bug in SA 3.1.0 that disabling this plugin isn't handled gracefully. Then again, I can't see why anyone would want to disable this plugin if they understood it. It's low overhead and very useful. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From mkettler at evi-inc.com Mon Feb 6 20:14:50 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Mon Feb 6 20:15:00 2006 Subject: More problems than just ALL_TRusted In-Reply-To: References: Message-ID: <43E7AE3A.6060006@evi-inc.com> Richard Edge wrote: > I don't have a v310.pre. I have a init.pre and an init.pre.pre-v310 on > both gateways. Ouch.. where did you get your copy of SA from???! From dhawal at netmagicsolutions.com Mon Feb 6 20:18:20 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Mon Feb 6 20:18:24 2006 Subject: More problems than just ALL_TRusted In-Reply-To: References: Message-ID: <20060206201820.8273.qmail@mymail.netmagicians.com> Richard Edge writes: > I don't have a v310.pre. I have a init.pre and an init.pre.pre-v310 on > both gateways. Both files have identical contents except for some extra > 'loadplugin Mail::SpamAssassin::Plugin::RelayCountry', 'loadplugin > Mail::SpamAssassin::Plugin::SPF' and 'loadplugin > Mail::SpamAssassin::Plugin::URIDNSBL' lines ininit.pre.pre-v310.pre. The > 'loadplugin Mail::SpamAssassin::Plugin::ReplaceTags' is uncommented in > init.pre. Could you also try 'spamassassin -x -D --lint', the '-x' ensures that user preferences file are not created. Also what is there in /root/.spamassassin? - dhawal > Richard Edge > Senior Systems Administrator | Technology Services > Trinity Western University | t: 604.513.2089 > f: 604.513.2038 | e: edge twu.ca| www.twu.ca/technology > > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Matt > Kettler > Sent: Monday, February 06, 2006 11:01 AM > To: MailScanner discussion > Subject: Re: More problems than just ALL_TRusted > > Richard Edge wrote: > >> config: warning: score set for non-existent rule FUZZY_GUARANTEE >> config: warning: score set for non-existent rule FUZZY_BILLION > > Those warnings sound like the ReplaceTags plugin isn't loaded.. > > Check your /etc/mail/spamassassin/v310.pre for: > loadplugin Mail::SpamAssassin::Plugin::ReplaceTags > > It's a bit of a bug in SA 3.1.0 that disabling this plugin isn't handled > gracefully. Then again, I can't see why anyone would want to disable > this plugin if they understood it. It's low overhead and very useful. From Edge at twu.ca Mon Feb 6 20:24:05 2006 From: Edge at twu.ca (Richard Edge) Date: Mon Feb 6 20:23:11 2006 Subject: More problems than just ALL_TRusted Message-ID: >From www.mailscanner.info, I have always installed it from install-Clam-SA.tar.gz since first running MailScanner. While there was an older version on the system from my original RHEL 3 install, I have used the install-Clam-SA.tar.gz since first running MailScanner a year and a half ago. Richard Edge Senior Systems Administrator | Technology Services Trinity Western University | t: 604.513.2089 f: 604.513.2038 | e: edge twu.ca| www.twu.ca/technology -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Matt Kettler Sent: Monday, February 06, 2006 12:15 PM To: MailScanner discussion Subject: Re: More problems than just ALL_TRusted Richard Edge wrote: > I don't have a v310.pre. I have a init.pre and an init.pre.pre-v310 on > both gateways. Ouch.. where did you get your copy of SA from???! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From mkettler at evi-inc.com Mon Feb 6 20:30:35 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Mon Feb 6 20:30:44 2006 Subject: install-Clam-SA.tar.gz missing files (Was More problems than just ALL_TRusted) In-Reply-To: References: Message-ID: <43E7B1EB.4020900@evi-inc.com> Richard Edge wrote: >>From www.mailscanner.info, I have always installed it from > install-Clam-SA.tar.gz since first running MailScanner. While there was > an older version on the system from my original RHEL 3 install, I have > used the install-Clam-SA.tar.gz since first running MailScanner a year > and a half ago. Erm, Julian.. Is that install file for some reason missing v310.pre? From Edge at twu.ca Mon Feb 6 20:31:37 2006 From: Edge at twu.ca (Richard Edge) Date: Mon Feb 6 20:31:47 2006 Subject: More problems than just ALL_TRusted Message-ID: The following files are in root/.spamassassin: [root@mx10 root]# ls -la .spamassassin/ total 44 drwx------ 2 root root 4096 Jan 20 04:09 . drwxr-x--- 24 root root 4096 Feb 6 11:40 .. -rw------- 1 root root 12288 Nov 18 10:53 auto-whitelist -rw-rw-rw- 1 root root 6 Nov 18 10:53 auto-whitelist.mutex -rw------- 1 root root 12288 Jan 5 09:55 bayes_seen -rw------- 1 root root 12288 Jan 5 09:55 bayes_toks -rw-r--r-- 1 root root 1487 Nov 16 01:53 user_prefs It is the same on both gateways. Richard Edge Senior Systems Administrator | Technology Services Trinity Western University | t: 604.513.2089 f: 604.513.2038 | e: edge twu.ca| www.twu.ca/technology -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Dhawal Doshy Sent: Monday, February 06, 2006 12:18 PM To: MailScanner discussion Subject: Re: More problems than just ALL_TRusted Richard Edge writes: > I don't have a v310.pre. I have a init.pre and an init.pre.pre-v310 on > both gateways. Both files have identical contents except for some > extra 'loadplugin Mail::SpamAssassin::Plugin::RelayCountry', > 'loadplugin Mail::SpamAssassin::Plugin::SPF' and 'loadplugin > Mail::SpamAssassin::Plugin::URIDNSBL' lines ininit.pre.pre-v310.pre. > The 'loadplugin Mail::SpamAssassin::Plugin::ReplaceTags' is > uncommented in init.pre. Could you also try 'spamassassin -x -D --lint', the '-x' ensures that user preferences file are not created. Also what is there in /root/.spamassassin? - dhawal > Richard Edge > Senior Systems Administrator | Technology Services Trinity Western > University | t: 604.513.2089 > f: 604.513.2038 | e: edge twu.ca| www.twu.ca/technology > > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Matt > Kettler > Sent: Monday, February 06, 2006 11:01 AM > To: MailScanner discussion > Subject: Re: More problems than just ALL_TRusted > > Richard Edge wrote: > >> config: warning: score set for non-existent rule FUZZY_GUARANTEE >> config: warning: score set for non-existent rule FUZZY_BILLION > > Those warnings sound like the ReplaceTags plugin isn't loaded.. > > Check your /etc/mail/spamassassin/v310.pre for: > loadplugin Mail::SpamAssassin::Plugin::ReplaceTags > > It's a bit of a bug in SA 3.1.0 that disabling this plugin isn't > handled gracefully. Then again, I can't see why anyone would want to > disable this plugin if they understood it. It's low overhead and very useful. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From victor at pixelmagicfx.com Mon Feb 6 20:47:06 2006 From: victor at pixelmagicfx.com (Victor DiMichina) Date: Mon Feb 6 20:47:28 2006 Subject: dcc failure In-Reply-To: <43E69FA4.1020404@rbrana.co.id> References: <43E69FA4.1020404@rbrana.co.id> Message-ID: <43E7B5CA.1000401@pixelmagicfx.com> ius wrote: > > Dear mailscanner, > > I got this error messages when do the spamassassin -D --lint -p > /etc/MailScanner/spam.assassin.prefs.conf. My DCC installed properly > and placed where it should be > > [7934] warn: config: failed to parse line, skipping: dcc_path > /usr/local/bin/dccproc > [7934] warn: config: failed to parse line, skipping: dcc_home /var/dcc > > Does anyone know what it is ? > > Thanks alot > ius > > http://wiki.mailscanner.info/doku.php?id=documentation:anti_spam:spamassassin:plugins:dcc:dccifd_install If I were you, I'd try a re-install of the DCC plugin for Spamassassin. That wiki helped me quite a bit. Vic From campbell at cnpapers.com Mon Feb 6 21:05:41 2006 From: campbell at cnpapers.com (Steve Campbell) Date: Mon Feb 6 21:07:10 2006 Subject: dcc failure References: <43E69FA4.1020404@rbrana.co.id> <223f97700602060852r3238fd76t@mail.gmail.com> Message-ID: <002601c62b61$16a5e230$0705000a@DDF5DW71> I don't run DCC, but the dcc_path was in my spam.assassin.prefs.conf file from long ago. I, too was getting these messages with --lint. I commented it out, and the problem went away. The DCC plugin is diabled in my init.pre file. I'm just wondering if, like the use_auto_whitelist parameter once was, these two parms are no longer valid or have changed form. These were there from ages ago. Steve Campbell campbell@cnpapers.com Charleston Newspapers ----- Original Message ----- From: "Glenn Steen" To: "MailScanner discussion" Sent: Monday, February 06, 2006 11:52 AM Subject: Re: dcc failure > On 06/02/06, ius wrote: >> Dear mailscanner, >> >> I got this error messages when do the spamassassin -D --lint -p >> /etc/MailScanner/spam.assassin.prefs.conf. My DCC installed properly and >> placed where it should be >> >> [7934] warn: config: failed to parse line, skipping: dcc_path >> /usr/local/bin/dccproc >> [7934] warn: config: failed to parse line, skipping: dcc_home /var/dcc >> >> Does anyone know what it is ? >> >> Thanks alot >> ius > What MailScanner and Spamassassin versions do you have? > > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From john at jolet.net Mon Feb 6 21:14:40 2006 From: john at jolet.net (John Jolet) Date: Mon Feb 6 21:14:46 2006 Subject: permissions problem on startup In-Reply-To: <43E7945F.1020806@yeticomputers.com> References: <46E37D27-F082-48B7-B007-AE25597F9D01@jolet.net> <43E5F782.7020005@ecs.soton.ac.uk> <43E5FF39.10909@ecs.soton.ac.uk> <84B37A2A-C8BA-4F1B-979C-A116E51156B6@jolet.net> <43E7945F.1020806@yeticomputers.com> Message-ID: On Feb 6, 2006, at 12:24 PM, Rick Chadderdon wrote: > I ended up having to give the postfix user a shell, su to postfix and > then run check_mailscanner. Sounds like what you finally did. I kept > having little glitches with that machine, though. Nothing serious, > just > little things like having to jump through odd hoops to launch > MailScanner... perldoc would never work, claiming it was missing > modules that *were* installed... There were a few other strange > problems, always involving perl apps. I'm guessing that the > problem was > one of mangled permissions somewhere deep in the perl tree, but I > never > found out. I finally decided that Gentoo simply requires too much > babysitting for me to want to use it on a production server. Last > week > I put together a Centos 4.2 box, moved all of the mail over there, > installed the latest MailScanner and everything was fine. > > I really like a lot of things about Gentoo, but it's little things > like > this that have made me pull it off all of my production servers. The > primary mailserver was the last holdout. Just curious: Do *you* get > an error if you try 'postdoc postdoc'? > you mean "perldoc postdoc"? no errors, but I will say on this box, sudo doesn't work because of what it claims are permission problems...like root can't read /etc/sudoers...right. I've got 30+ production gentoo boxes running and this is the first time i've seen anything like this happen. I had started to set this box up hardened, but then changed my mind, so I could very well have installed pax or something like that and then not gone with the hardened toolchain. Just for the record, I'm fully confident that the problem is NOT a mailscanner issue. but this is a test box, and artifacts of this sort are acceptable at this time. The box I REALLY run mail through is an FC4 box. Just wanted to look at mailscanner as a replacement for amavis-new. Had some problems with it, and the debug information it gives you is useless.. > Rick > > John Jolet wrote: > >>>> yeah, I thought of that. If I give postfix a shell, su - >>>> postfix I >>>> can view the file just fine. It appeared to me when I looked at >>>> that module that it was mostly concerned with ldap servers. was I >>>> incorrect? I don't have any, and that portion of the config file >>>> is commented out. just grasping at straws at this point. >>> >>> >>> I would not advise you try to work out how the configuration >>> compiler works, it's pretty complex. :-) >>> >>> If you do su - postfix then cd / then cd down each dir to the >>> file's >>> location, does that all work at every step? >> >> yes, it does. That gave me an idea, however. su - postfix from >> root, THEN run check_mailscanner, and it works. so I can start it as >> postfix if i'm postfix. I guess I can handle that.....but it's still >> odd. > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From john at jolet.net Mon Feb 6 21:21:01 2006 From: john at jolet.net (John Jolet) Date: Mon Feb 6 21:21:05 2006 Subject: permissions problem on startup In-Reply-To: <43E79989.5080900@yeticomputers.com> References: <46E37D27-F082-48B7-B007-AE25597F9D01@jolet.net> <43E5F782.7020005@ecs.soton.ac.uk> <43E5FF39.10909@ecs.soton.ac.uk> <84B37A2A-C8BA-4F1B-979C-A116E51156B6@jolet.net> <43E7945F.1020806@yeticomputers.com> <43E79989.5080900@yeticomputers.com> Message-ID: <146E9F0D-5D67-4918-B17E-DD147AA8F64D@jolet.net> On Feb 6, 2006, at 12:46 PM, Rick Chadderdon wrote: > I, of course, meant 'perldoc perldoc'. (sigh) > in that case....works perfectly. > Rick Chadderdon wrote: > >> Just curious: Do *you* get an error if you try 'postdoc postdoc'? >> > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From naolson at gmail.com Mon Feb 6 21:25:03 2006 From: naolson at gmail.com (Nathan Olson) Date: Mon Feb 6 21:25:06 2006 Subject: dcc failure In-Reply-To: <002601c62b61$16a5e230$0705000a@DDF5DW71> References: <43E69FA4.1020404@rbrana.co.id> <223f97700602060852r3238fd76t@mail.gmail.com> <002601c62b61$16a5e230$0705000a@DDF5DW71> Message-ID: <8f54b4330602061325i6e58b5e4i64665f9070aecabb@mail.gmail.com> Auto whitelist functionality was moved into a plugin. Any config file directives that mention plugin functionality aren't valid unless the plugin is loaded. Nate From MailScanner at ecs.soton.ac.uk Mon Feb 6 21:38:44 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Feb 6 21:38:52 2006 Subject: install-Clam-SA.tar.gz missing files (Was More problems than just ALL_TRusted) In-Reply-To: <43E7B1EB.4020900@evi-inc.com> References: <43E7B1EB.4020900@evi-inc.com> Message-ID: <43E7C1E4.2080503@ecs.soton.ac.uk> Matt Kettler wrote: > Richard Edge wrote: > >> >From www.mailscanner.info, I have always installed it from >> install-Clam-SA.tar.gz since first running MailScanner. While there was >> an older version on the system from my original RHEL 3 install, I have >> used the install-Clam-SA.tar.gz since first running MailScanner a year >> and a half ago. >> > > Erm, Julian.. Is that install file for some reason missing v310.pre? > It was from a misunderstanding of what files should ideally exist. I created the init.pre as I thought the v310.pre was what was intended to be init.pre. I have now changed the install-Clam-SA.tar.gz to leave the v310.pre alone. Sorry about that, it wasn't clear to me at the time what the intention was. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Mon Feb 6 21:41:40 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Feb 6 21:41:49 2006 Subject: install-Clam-SA.tar.gz missing files (Was More problems than just ALL_TRusted) In-Reply-To: <43E7B1EB.4020900@evi-inc.com> References: <43E7B1EB.4020900@evi-inc.com> Message-ID: <43E7C294.9070308@ecs.soton.ac.uk> Matt Kettler wrote: > Richard Edge wrote: > >> >From www.mailscanner.info, I have always installed it from >> install-Clam-SA.tar.gz since first running MailScanner. While there was >> an older version on the system from my original RHEL 3 install, I have >> used the install-Clam-SA.tar.gz since first running MailScanner a year >> and a half ago. >> > > Erm, Julian.. Is that install file for some reason missing v310.pre? > By the way, as the local.cf (and mailscanner.cf) is in the @Mail::SpamAssassin::site_rules_path path, is the v310.pre in the same place? -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mailscanner at yeticomputers.com Mon Feb 6 21:47:48 2006 From: mailscanner at yeticomputers.com (Rick Chadderdon) Date: Mon Feb 6 21:48:00 2006 Subject: permissions problem on startup In-Reply-To: References: <46E37D27-F082-48B7-B007-AE25597F9D01@jolet.net> <43E5F782.7020005@ecs.soton.ac.uk> <43E5FF39.10909@ecs.soton.ac.uk> <84B37A2A-C8BA-4F1B-979C-A116E51156B6@jolet.net> <43E7945F.1020806@yeticomputers.com> Message-ID: <43E7C404.1030408@yeticomputers.com> We have something in common other than the same, odd permission problem. I had also started to set that server up hardened and then changed my mind. I checked everything I could think of at the time, but since I had the server working I kind of forgot about it 'til I started noticing the other little issues, all of which could easily have spun out from that one thing. I have just about a dozen production servers, all of which were Gentoo at one time. A couple of years ago, I'd have said the same thing. :) My primary workstation is still Gentoo, but I have enough spare time to tinker with just one box. Not with a dozen. Oh, I was wrong about the mailserver being my last Gentoo server. I still have two. One is for backup storage and one is a Samba DC/fileserver. Those haven't given me any problems at all. Hm. John Jolet wrote: > you mean "perldoc postdoc"? no errors, but I will say on this box, > sudo doesn't work because of what it claims are permission > problems...like root can't read /etc/sudoers...right. > > I've got 30+ production gentoo boxes running and this is the first > time i've seen anything like this happen. I had started to set this > box up hardened, but then changed my mind, so I could very well have > installed pax or something like that and then not gone with the > hardened toolchain. Just for the record, I'm fully confident that > the problem is NOT a mailscanner issue. but this is a test box, and > artifacts of this sort are acceptable at this time. The box I REALLY > run mail through is an FC4 box. Just wanted to look at mailscanner > as a replacement for amavis-new. Had some problems with it, and the > debug information it gives you is useless.. > From mkettler at evi-inc.com Mon Feb 6 21:56:56 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Mon Feb 6 21:57:06 2006 Subject: install-Clam-SA.tar.gz missing files (Was More problems than just ALL_TRusted) In-Reply-To: <43E7C1E4.2080503@ecs.soton.ac.uk> References: <43E7B1EB.4020900@evi-inc.com> <43E7C1E4.2080503@ecs.soton.ac.uk> Message-ID: <43E7C628.2000007@evi-inc.com> Julian Field wrote: > Matt Kettler wrote: >> Richard Edge wrote: >> >>> >From www.mailscanner.info, I have always installed it from >>> install-Clam-SA.tar.gz since first running MailScanner. While there was >>> an older version on the system from my original RHEL 3 install, I have >>> used the install-Clam-SA.tar.gz since first running MailScanner a year >>> and a half ago. >>> >> >> Erm, Julian.. Is that install file for some reason missing v310.pre? >> > It was from a misunderstanding of what files should ideally exist. I > created the init.pre as I thought the v310.pre was what was intended to > be init.pre. > I have now changed the install-Clam-SA.tar.gz to leave the v310.pre alone. It is intended to be installed alongside init.pre. This way if you upgrade SpamAssassin new 3.1.0 plugin settings can be added on without having to blow away a users existing init.pre, which they may have modified since installing 3.0.x. From mkettler at evi-inc.com Mon Feb 6 21:57:54 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Mon Feb 6 21:58:15 2006 Subject: install-Clam-SA.tar.gz missing files (Was More problems than just ALL_TRusted) In-Reply-To: <43E7C294.9070308@ecs.soton.ac.uk> References: <43E7B1EB.4020900@evi-inc.com> <43E7C294.9070308@ecs.soton.ac.uk> Message-ID: <43E7C662.3040905@evi-inc.com> Julian Field wrote: > Matt Kettler wrote: >> Richard Edge wrote: >> >>> >From www.mailscanner.info, I have always installed it from >>> install-Clam-SA.tar.gz since first running MailScanner. While there was >>> an older version on the system from my original RHEL 3 install, I have >>> used the install-Clam-SA.tar.gz since first running MailScanner a year >>> and a half ago. >>> >> >> Erm, Julian.. Is that install file for some reason missing v310.pre? >> > By the way, as the local.cf (and mailscanner.cf) is in the > @Mail::SpamAssassin::site_rules_path > path, is the v310.pre in the same place? Yes, both init.pre and v310.pre belong in the site_rules_path. And you theoretically should never clobber an existing file. From glenn.steen at gmail.com Mon Feb 6 22:02:04 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Feb 6 22:02:08 2006 Subject: More problems than just ALL_TRusted In-Reply-To: References: Message-ID: <223f97700602061402q4ebdb379n@mail.gmail.com> On 06/02/06, Richard Edge wrote: > I have looked at the following: > > > Syntax error in line 1480, value "" for spamblacklist is not one of > > allowed values "yes","no" at > > /usr/lib/MailScanner/MailScanner/Config.pm > > line 2360 > > My line 1480 is 'Is Definitely Spam = $SQLBlacklist' and is the same as > my mx20 config. IIRC, SQLBlacklist is a subroutine/function call and should be spelled with an "&", not a "$"... IOW: Is Definitely Spam = &SQLBlacklist > > Syntax error in line 1473, value "" for spamwhitelist is not one of > > allowed values "yes","no" at > > /usr/lib/MailScanner/MailScanner/Config.pm > > line 2360 > > My line 1473 shows 'Is Definitely Not Spam = $SQLWhitelist' which is > exactly what the same line on my config file on mx20.twu.ca and is > supposed be set to this for MailWatch. Same error as for the blacklist call above. > > Possible syntax error on line 26 of > > /etc/MailScanner/filename.rules.conf > > at /usr/lib/MailScanner/MailScanner/Config.pm line 1274 Remember to > > separate fields with tab characters! at > > /usr/lib/MailScanner/MailScanner/Config.pm line 1276 Read 702 > > My line 26 in /etc/MailScanner/filename.rules.conf shows > '/etc/MailScanner/filename.rules.conf' which was not added by me, but is > a part of your base file setup. The only changes I made in this file was > to comment out the winmail, .bmp,.ico, .ani, .cur, and .hlp deny lines a > couple of versions ago. Don't know about this one... Perhaps the wrong type of comment chars? > I don't know where the 'warning: score set for non-existent rule' lines > are coming from since I do not recognize any of these rules. They are > not scores I have set anywhere. Better heads than mine will likely help with this one... Could they be "leftover" rules from a previous SA? Or some "plugin" not being loaded correctly? -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From mailscanner at mango.zw Mon Feb 6 21:59:22 2006 From: mailscanner at mango.zw (Jim Holland) Date: Mon Feb 6 22:06:26 2006 Subject: OT: but Sendmail experst please help In-Reply-To: Message-ID: On Sat, 4 Feb 2006, WILL HALSALL wrote: > I had a test message from maps regarding open relays. Our sendmail will > accept for deliver messages of the format > but will not accept mail for > deliver with format . > > could one of the sendmail experts please explain how to stop this? below is > the telnet session > rcpt to: > 250 2.1.5 ... Recipient ok I have never seen the above address format. A common test is to send to say will.halsall%hotmail.com@fcot5.farn-ct.ac.uk, which should be denied by default with a current version of sendmail. However this is a different format which I haven't seen being used for relaying. I tried a similar test to yours on sendmail 8.13 with my own domain and a known yahoo.com address and found that the message was also accepted, which was rather disappointing (as it can then lead to bounces being sent to spoofed senders). The message ended up being undeliverable because sendmail looked for the domain yahoo.com%mango.zw and said "yahoo.com%mango.zw.: host not found". I am therefore puzzled as to how your message ended up being delivered to will.halsall@hotmail.com. I would be interested to know what result you get by running "sendmail -bt" and then entering at the prompt: 3,0 will.halsall@hotmail.com%fcot5.farn-ct.ac.uk If it resolves to will.halsall@hotmail.com then you definitely have a problem. I get the following final output: parse returns: $# esmtp $@ hotmail . com % fcot5 . farn-ct . ac . uk . $: will . halsall < @ hotmail . com % fcot5 . farn-ct . ac . uk . > which is clearly undeliverable. Your nameserver reports NXDOMAIN for the domain hotmail.com%fcot5.farn-ct.ac.uk, so I am puzzled as to how the message did get delivered. What does your maillog file say for the message? Regards Jim Holland System Administrator MANGO - Zimbabwe's non-profit e-mail service From ssilva at sgvwater.com Mon Feb 6 22:14:14 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Feb 6 22:15:17 2006 Subject: ALL_TRUSTED problems In-Reply-To: References: Message-ID: Richard Edge spake the following on 2/6/2006 9:30 AM: > Hi Scott, > > I tried your suggestion, but still no joy. Thanks anyways. > > Richard Edge > Senior Systems Administrator | Technology Services > Trinity Western University | t: 604.513.2089 > f: 604.513.2038 | e: edge twu.ca| www.twu.ca/technology Have you verified that your /etc/mail/spamassassin/mailscanner.cf is a symlink to /etc/MailScanner/spam.assassin.prefs.conf? Otherwise, I'm at a loss. Maybe time to hose the MailScanner and Spamassassin installs, and start over? -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From Edge at twu.ca Mon Feb 6 22:32:05 2006 From: Edge at twu.ca (Richard Edge) Date: Mon Feb 6 22:31:39 2006 Subject: More problems than just ALL_TRusted Message-ID: Doh! How did I miss that one. I am not sure how that changed from & to $ since I had pasted that value in when first setting it up installing MailWatch. I have found a clue though. It appears to have changed during a previous upgade, I founf a MailScanner.conf.old from a MailScanner upgrade I did on Jan 27. From that file (MailScanner.old) it is correct: ----------------------- #Is Definitely Not Spam = &SQLWhiteList # Spam Blacklist: # Make this point to a ruleset, and anything in that ruleset whose value # is "yes" will *always* be marked as spam. # This value can be over-ridden by the "Is Definitely Not Spam" setting. # This can also be the filename of a ruleset. Is Definitely Spam = no #Is Definitely Spam = &SQLBlacklist ----------------------- I guess it occurred during an upgrade_MailScanner_conf and I missed it when checking the new conf file before mv'ing to the new one. Thanks for catching that. I guess this just emphasizes the need to verify changes before committing them. Richard Edge Senior Systems Administrator | Technology Services Trinity Western University | t: 604.513.2089 f: 604.513.2038 | e: edge twu.ca| www.twu.ca/technology -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Glenn Steen Sent: Monday, February 06, 2006 2:02 PM To: MailScanner discussion Subject: Re: More problems than just ALL_TRusted On 06/02/06, Richard Edge wrote: > I have looked at the following: > > > Syntax error in line 1480, value "" for spamblacklist is not one of > > allowed values "yes","no" at > > /usr/lib/MailScanner/MailScanner/Config.pm > > line 2360 > > My line 1480 is 'Is Definitely Spam = $SQLBlacklist' and is the same > as my mx20 config. IIRC, SQLBlacklist is a subroutine/function call and should be spelled with an "&", not a "$"... IOW: Is Definitely Spam = &SQLBlacklist > > Syntax error in line 1473, value "" for spamwhitelist is not one of > > allowed values "yes","no" at > > /usr/lib/MailScanner/MailScanner/Config.pm > > line 2360 > > My line 1473 shows 'Is Definitely Not Spam = $SQLWhitelist' which is > exactly what the same line on my config file on mx20.twu.ca and is > supposed be set to this for MailWatch. Same error as for the blacklist call above. > > Possible syntax error on line 26 of > > /etc/MailScanner/filename.rules.conf > > at /usr/lib/MailScanner/MailScanner/Config.pm line 1274 Remember to > > separate fields with tab characters! at > > /usr/lib/MailScanner/MailScanner/Config.pm line 1276 Read 702 > > My line 26 in /etc/MailScanner/filename.rules.conf shows > '/etc/MailScanner/filename.rules.conf' which was not added by me, but > is a part of your base file setup. The only changes I made in this > file was to comment out the winmail, .bmp,.ico, .ani, .cur, and .hlp > deny lines a couple of versions ago. Don't know about this one... Perhaps the wrong type of comment chars? > I don't know where the 'warning: score set for non-existent rule' > lines are coming from since I do not recognize any of these rules. > They are not scores I have set anywhere. Better heads than mine will likely help with this one... Could they be "leftover" rules from a previous SA? Or some "plugin" not being loaded correctly? -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From ssilva at sgvwater.com Mon Feb 6 22:38:45 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Feb 6 22:39:16 2006 Subject: MailScanner needs to be restarted 2 times In-Reply-To: <1138983705.26170.35.camel@lin-workstation.azapple.com> References: <012801c62837$66435980$ab5d5c5c@MOELLER.COM> <43E26F3B.5080907@robhq.com> <87F21993-87EA-4FE5-8683-08467879E1F6@themarshalls.co.uk> <1138983705.26170.35.camel@lin-workstation.azapple.com> Message-ID: Craig White spake the following on 2/3/2006 8:21 AM: > On Thu, 2006-02-02 at 16:44 -0800, Scott Silva wrote: >> Drew Marshall spake the following on 2/2/2006 2:24 PM: > >>> Nice sig. Definitely takes signature of the week winner!! >>> >> If I can just figure out how to get thunderbird to use different signatues on >> different news accounts from the same gmane account, I wouldn't have >> MailScanner plugs going to the CentOS list. >> >> Oh well... Free advertising for Julian ;-) > ---- > do you mean the airplane sig? > > I kind of like that one. > > It's been kind of quiet on CentOS list lately anyway. > > Craig > I ko'd the airplane sig because it got munged from the fixed / variable font switching in the replies. It looked pretty sad sometimes. The CentOS general list is as busy as this one.. and just as hot sometimes ;-& -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Mon Feb 6 22:40:34 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Feb 6 22:52:10 2006 Subject: How does one downgrade? In-Reply-To: <43E3E574.6070605@haigmail.com> References: <43E25ED9.5090103@haigmail.com> <43E282B4.5010201@ecs.soton.ac.uk> <43E3E574.6070605@haigmail.com> Message-ID: Lance Haig spake the following on 2/3/2006 3:21 PM: > Hi Julian, > > I will give you direct access to the box if that would make things easier? > > Lance > > Julian Field wrote: >>> I would be very interested to work through your problems with 4.50 when >>> you have time. >>> Hopefully, some posting on the results.. One of us can put it in the WIKI if it is useful. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From listacct at tulsaconnect.com Mon Feb 6 22:56:48 2006 From: listacct at tulsaconnect.com (TCIS List Acct) Date: Mon Feb 6 22:56:43 2006 Subject: 4.50.15 - Big problems on FreeBSD / exim In-Reply-To: <43E79185.90401@tulsaconnect.com> References: <43E77B62.20805@tulsaconnect.com> <43E77E8F.5000300@ecs.soton.ac.uk> <43E79185.90401@tulsaconnect.com> Message-ID: <43E7D430.2010006@tulsaconnect.com> TCIS List Acct wrote: > I see the problem now: > > PID USERNAME PRI NICE SIZE RES STATE C TIME WCPU CPU COMMAND > 49938 root -2 0 180M 112M getblk 0 0:02 17.57% 9.28% perl > 49826 root -2 0 515M 262M getblk 0 0:04 9.73% 8.54% perl > 49870 root 28 0 515M 266M pfault 2 0:04 10.66% 8.40% perl > 49530 root -2 0 515M 423M getblk 2 0:06 7.99% 7.81% perl > 49993 root 28 0 360M 181M pfault 0 0:01 9.32% 3.08% perl > 50000 root 28 0 22572K 14708K pfault 0 0:00 19.48% 1.86% perl > > The perl processes are taking massive amounts of RAM on 4.50.15. I'll > try turning off the SA caching and see if that makes any difference. Ok, I've tracked down part of the problem (from the 4.48.4-2 release notes): - Rearranged SpamAssassin spam.assassin.prefs.conf file, it is now read by SpamAssassin via a link called "mailscanner.cf" in the site_rules directory. It is no longer read directly by MailScanner, it is just read by Spam-Assassin during its normal initialisation process. This really hosed those of us not using an RPM or install.sh script (and those of us dumb enough not to read the relnotes before doing this :)) -- it caused my SA prefs not to be read in, and thus caused SA to use its default settings (Bayes on, DNS BL's on, etc) which caused the majority of the performance problems. -- ----------------------------------------- Mike Bacher / listacct@tulsaconnect.com TCIS - TulsaConnect Internet Services http://www.tulsaconnect.com ----------------------------------------- From Edge at twu.ca Mon Feb 6 23:10:18 2006 From: Edge at twu.ca (Richard Edge) Date: Mon Feb 6 23:13:52 2006 Subject: ALL_TRUSTED problems Message-ID: Yes, the symlink is in place. I am beginning to think that removing MailScanner and reinstalling from scratch is looking a little more attractive at this point too. I take it that all I need to do to remove it is the delete the follwing directories and their contents: /etc/MailScanner /usr/lib/MailScanner /usr/sbin/MailScanner If I want to install SA 3.1 from scratch, what do I need to do other than Julian's earlier suggestion of removing SpamAssassin.pm Richard Edge Senior Systems Administrator | Technology Services Trinity Western University | t: 604.513.2089 f: 604.513.2038 | e: edge twu.ca| www.twu.ca/technology -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Scott Silva Sent: Monday, February 06, 2006 2:14 PM To: mailscanner@lists.mailscanner.info Subject: Re: ALL_TRUSTED problems Richard Edge spake the following on 2/6/2006 9:30 AM: > Hi Scott, > > I tried your suggestion, but still no joy. Thanks anyways. > > Richard Edge > Senior Systems Administrator | Technology Services Trinity Western > University | t: 604.513.2089 > f: 604.513.2038 | e: edge twu.ca| www.twu.ca/technology Have you verified that your /etc/mail/spamassassin/mailscanner.cf is a symlink to /etc/MailScanner/spam.assassin.prefs.conf? Otherwise, I'm at a loss. Maybe time to hose the MailScanner and Spamassassin installs, and start over? -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From ssilva at sgvwater.com Mon Feb 6 23:56:46 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Feb 7 00:02:13 2006 Subject: ALL_TRUSTED problems In-Reply-To: References: Message-ID: Richard Edge spake the following on 2/6/2006 3:10 PM: > Yes, the symlink is in place. I am beginning to think that removing > MailScanner and reinstalling from scratch is looking a little more > attractive at this point too. > > I take it that all I need to do to remove it is the delete the follwing > directories and their contents: > > /etc/MailScanner > /usr/lib/MailScanner > /usr/sbin/MailScanner > > If I want to install SA 3.1 from scratch, what do I need to do other > than Julian's earlier suggestion of removing SpamAssassin.pm > > Richard Edge > Senior Systems Administrator | Technology Services > Trinity Western University | t: 604.513.2089 > f: 604.513.2038 | e: edge twu.ca| www.twu.ca/technology > > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Scott > Silva > Sent: Monday, February 06, 2006 2:14 PM > To: mailscanner@lists.mailscanner.info > Subject: Re: ALL_TRUSTED problems > > Richard Edge spake the following on 2/6/2006 9:30 AM: >> Hi Scott, >> >> I tried your suggestion, but still no joy. Thanks anyways. >> >> Richard Edge >> Senior Systems Administrator | Technology Services Trinity Western >> University | t: 604.513.2089 >> f: 604.513.2038 | e: edge twu.ca| www.twu.ca/technology > Have you verified that your /etc/mail/spamassassin/mailscanner.cf is a > symlink to /etc/MailScanner/spam.assassin.prefs.conf? > > Otherwise, I'm at a loss. Maybe time to hose the MailScanner and > Spamassassin installs, and start over? > > > That should do it, but you might want to mv instead of rm, just in case. You can always kill it later. I always keep one stable version back, just in case. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Tue Feb 7 00:22:22 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Feb 7 00:22:42 2006 Subject: This list rules!!! Successful upgrade from 4.43 to 4.50 with no glitches! In-Reply-To: <6.2.3.4.0.20060205114353.089f86c8@mxt.1bigthink.com> References: <6.2.3.4.0.20060205114353.089f86c8@mxt.1bigthink.com> Message-ID: dnsadmin 1bigthink.com spake the following on 2/5/2006 8:55 AM: > Hello All, > > I just wanted to report a success story instead of the usual problems. I > upgraded overnight beginning at 00:10 +5GMT last night and was complete > and satisfied everything was going well enough to sleep well by 1:03 +5GMT. > > Thanks Julian! Docs were certainly clear enough! Thank you ALL for > preparing me for the pitfalls! > > Whitebox Linux 3.x (updated RPMs) = RHES 3.x (up to date RPMs) > MailScanner 4.43 upgrade to 4.50 > SpamAssassin-3.03+ClamAV0.88 upgrade to SpamAssassin 3.10+ClamAV0.88 > Mailwatch 0.51 (want to upgrade soon) > > Cheers! > Glenn > Watch out when upgrading MailWatch... You need to get the 1.0.0 tarball also. See the Mailwatch list. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From gdoris at rogers.com Tue Feb 7 01:38:20 2006 From: gdoris at rogers.com (Gerry Doris) Date: Tue Feb 7 01:38:44 2006 Subject: MailScanner lint errors? In-Reply-To: References: <43E650E2.7050805@rogers.com> <43E65582.6040709@ecs.soton.ac.uk><43E65C25.7000809@rogers.com><00ac01c62b26$647293e0$0705000a@DDF5DW71> <41671272-FEDB-4164-A786-3FA2418554D1@ecs.soton.ac.uk> <019601c62b2a$421e2350$0705000a@DDF5DW71> Message-ID: <43E7FA0C.1080201@rogers.com> Julian Field wrote: > Please apply this patch to /usr/sbin/MailScanner and then try it again. > > > On 6 Feb 2006, at 14:33, Steve Campbell wrote: > I tried the patch and it fixed the pid error. I still get those other errors about concatenation errors in SweepVirus.pm but I agree they don't seem to mean anything. From markee at bandwidthco.com Tue Feb 7 02:29:57 2006 From: markee at bandwidthco.com (Mark E. Donaldson) Date: Tue Feb 7 02:30:23 2006 Subject: MailScanner lint errors? In-Reply-To: <00ac01c62b26$647293e0$0705000a@DDF5DW71> Message-ID: <002d01c62b8e$63475f10$0300a8c0@bandwidthco.com> I would like to confirm this identical problem on SUSE 10. I upgraded from 4.50.8 to 4.50.15 yesterday on my two mail relays and am experiencing the same behavior. Been using MailScanner on SUSE since the beginning of time and have never seen this before. ########################################## This is coming from the home and office of: Mark E. Donaldson Bandwidthco Computer Security markee@bandwidthco.com http://www.bandwidthco.com/ Copyright C 1999 Bandwidthco.com. All rights reserved. 4500 0028 a66b 4000 8006 d307 c0a8 000a c0a8 0002 0871 0bc3 572b 25f7 ca7d 1b60 5010 f64c c0f6 0000 0000 0000 0000 ########################################## CCNA, OCP, GSEC, GCFW, GCIH, GCIA, GCUX, GCFA, X-Ways (WinHex) Forensics Certified ########################################## Hacking is the process of influencing a computer system in such a way that it performs an action that is useful to you. ########################################## .~. /V\ /( )\ ^^-^^ -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Steve Campbell Sent: Monday, February 06, 2006 6:06 AM To: MailScanner discussion Subject: Re: MailScanner lint errors? Julian, I'm seeing the same with respect to the PID file. My conf file points to /var/run/ and the file does exist. I'm also seeing the dual restart problem, where I am required to start MS twice if I stop it. I alway need to 'killall sendmail', but this doesn't cause the need to start MS twice. There are no sendmail processes running before I start MS. There are no log errors, it just doesn't start. I just thought I would mention this off-thread part in case it might have something to do with the PID problem. MS 4.50-15 MailWatch 1.0.3 SA 3.10 (or whatever was the latest as of last week) Tao Linux 1.0 Update 6 Thanks. Steve Campbell campbell@cnpapers.com Charleston Newspapers ----- Original Message ----- From: "Gerry Doris" To: "MailScanner discussion" Sent: Sunday, February 05, 2006 3:12 PM Subject: Re: MailScanner lint errors? > Julian Field wrote: >> I strongly suspect that none are relevant, apart from the Cannot write >> pid file error. Check this is set to something in your MailScanner.conf >> file. > > I checked MailScanner.conf and the MailScanner PID is set to > /var/run/MailScanner.pid The file is really there and is being used. > > Like I said, there are no errors in any logs and mail is being sent and > received. It was working but I can't remember the last time I tried it. > > I'm using the latest MailWatch. Would that be confusing the MailScanner > lint operation? > > >> >> Gerry Doris wrote: >> >>> I've started seeing errors after running MailScanner --lint which I >>> haven't seen before. >>> >>> I was running 4.50.10 and decided to upgrade to 4.50.15 today. >>> Everything went well and MailScanner is working properly. I see no >>> errors in any of the logs. Mail is being accepted and delivered. >>> >>> MailScanner -v runs without errors but when I run MailScanner --lint I >>> get the following: >>> >>> [root@tiger MailScanner]# MailScanner --lint >>> Read 701 hostnames from the phishing whitelist >>> Config: calling custom init function SQLBlacklist >>> Config: calling custom init function MailWatchLogging >>> Config: calling custom init function SQLWhitelist >>> Cannot write pid file , No such file or directory at >>> /usr/sbin/MailScanner line 1238 >>> Checking for SpamAssassin errors (if you use it)... >>> Using SpamAssassin results cache >>> Connected to SpamAssassin cache database >>> SpamAssassin reported no errors. >>> >>> MailScanner.conf says "Virus Scanners = clamavmodule f-prot trend >>> bitdefender" >>> >>> Use of uninitialized value in split at >>> /usr/lib/MailScanner/MailScanner/SweepViruses.pm line 2879. >>> Use of uninitialized value in concatenation (.) or string at >>> /usr/lib/MailScanner/MailScanner/SweepViruses.pm line 2880. >>> Use of uninitialized value in concatenation (.) or string at >>> /usr/lib/MailScanner/MailScanner/SweepViruses.pm line 2880. >>> Can't exec "-IsItInstalled": No such file or directory at >>> /usr/lib/MailScanner/MailScanner/SweepViruses.pm line 2882. >>> ...snip >>> the above is repeated 5 more times >>> ...snip >>> >>> Found these virus scanners installed: bitdefender, f-prot, clamavmodule, >>> trend >> >> > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! ######################################################## This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. postmaster@bandwidthco.com MailScanner at Bandwidthco Computer Security is for your absolute protection. ######################################################## ######################################################## This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. postmaster@bandwidthco.com MailScanner at Bandwidthco Computer Security is for your absolute protection. ######################################################## From listacct at tulsaconnect.com Tue Feb 7 03:28:14 2006 From: listacct at tulsaconnect.com (TCIS List Acct) Date: Tue Feb 7 03:28:17 2006 Subject: More 4.50.15 woes on FreeBSD In-Reply-To: <43E7D430.2010006@tulsaconnect.com> References: <43E77B62.20805@tulsaconnect.com> <43E77E8F.5000300@ecs.soton.ac.uk> <43E79185.90401@tulsaconnect.com> <43E7D430.2010006@tulsaconnect.com> Message-ID: <43E813CE.7020904@tulsaconnect.com> TCIS List Acct wrote: > Ok, I've tracked down part of the problem (from the 4.48.4-2 release > notes): > > - Rearranged SpamAssassin spam.assassin.prefs.conf file, it is now read > by SpamAssassin via a link called "mailscanner.cf" in the site_rules > directory. It is no longer read directly by MailScanner, it is just > read by Spam-Assassin during its normal initialisation process. > > This really hosed those of us not using an RPM or install.sh script (and > those of us dumb enough not to read the relnotes before doing this :)) > -- it caused my SA prefs not to be read in, and thus caused SA to use > its default settings (Bayes on, DNS BL's on, etc) which caused the > majority of the performance problems. > Unfortunately the above was just a temporary fix -- the problem has cropped up again. Specifically, if I let 4.50.15 run for a few hours, it appears to leak memory and/or zombie perl processes to such an extent that the box runs out of RAM and swap space. This occurs with the new SpamAssassin cache turned off as well, so that isn't the issue. Here is a snippet of "top" when it is occurring: last pid: 97100; load averages: 16.75, 20.74, 26.46 up 63+05:29:19 21:18:11 297 processes: 53 running, 191 sleeping, 53 zombie CPU states: 22.6% user, 0.0% nice, 13.4% system, 0.3% interrupt, 63.7% idle Mem: 1529M Active, 183M Inact, 287M Wired, 7412K Cache, 199M Buf, 3004K Free Swap: 2048M Total, 960M Used, 1088M Free, 46% Inuse, 452K In, 4804K Out I have the number of child processes set at 10, but there are 100+ MailScanner processes according to a ps -aux | grep MailScanner $ ps -aux | grep MailScanner | wc -l 100 Note that downgrading to 4.47.4 on the same box (all I do is change the symlink to where /opt/MailScanner points to) immediately solves the issue and the box runs normally from that point on. The MailScanner.conf files for both versions are using near identical parameters (same number of a/v scanners, same DNSBL's being used, same spam.assassin.prefs.conf, etc) so I am certain it is something that changed code-wise between 4.47.4 and 4.50.15. Julian, I'll be happy to troubleshoot further if you give me some pointers on what to try next. -- ----------------------------------------- Mike Bacher / listacct@tulsaconnect.com TCIS - TulsaConnect Internet Services http://www.tulsaconnect.com ----------------------------------------- From ram at netcore.co.in Tue Feb 7 08:09:06 2006 From: ram at netcore.co.in (Ramprasad) Date: Tue Feb 7 08:08:06 2006 Subject: New speed benchmark In-Reply-To: <456CF431-DE8D-45DC-8E63-FD04864BB95C@ecs.soton.ac.uk> References: <443FEE3F-9EA1-46F7-88C8-A79D4FC67F24@ecs.soton.ac.uk> <1A926F82-A002-4985-854C-8FD97EA99898@ecs.soton.ac.uk> <43E22B7B.3000809@pixelhammer.com> <456CF431-DE8D-45DC-8E63-FD04864BB95C@ecs.soton.ac.uk> Message-ID: <1139299746.28848.1.camel@darkstar.netcore.co.in> On Fri, 2006-02-03 at 11:06 +0000, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > > On 3 Feb 2006, at 10:36, Res wrote: > > > On Thu, 2 Feb 2006, DAve wrote: > > > >> Julian Field wrote: > >>> -----BEGIN PGP SIGNED MESSAGE----- > >>> I forgot to add the MTA is sendmail > >>> On 2 Feb 2006, at 14:59, Julian Field wrote: > >>>> > Old Signed: 02/02/06 at 14:59:40 > >>>> I have just done a speed test. > >>>> Hardware: dual Opteron, 4Gb RAM, SCSI disk. > >>>> Software: RHEL4, MailScanner 4.50, SpamAssassin, DCC, Razor, > >>>> clamavmodule > >>>> MailScanner setup: default > >>>> Speed: 770,000 messages per day > >> > >> What happens at 780,000 messages a day? > >> > > > > and at what loads > > Maintained about 10 which is what I would expect. And do you have any statistics on what was the average mailq What was the average time a message would remain in queue waiting to be picked up by mailscanner Thanks Ram From w.halsall at farn-ct.ac.uk Tue Feb 7 10:54:04 2006 From: w.halsall at farn-ct.ac.uk (WILL HALSALL) Date: Tue Feb 7 10:54:31 2006 Subject: OT: but Sendmail experst please help In-Reply-To: References: Message-ID: Hi Jim, At first I thought the e-mail was being delivered but after further investigation I don't think this is so. As you say the name generates a dns error. After some testing and googleing I was at a loss to see why the message was accepted for delivery at all. doing the sendmail -bt test gives the output you described and I am at a loss on how to stop. Thanks WillH Jim Holland writes: > On Sat, 4 Feb 2006, WILL HALSALL wrote: > >> I had a test message from maps regarding open relays. Our sendmail will >> accept for deliver messages of the format >> but will not accept mail for >> deliver with format . >> >> could one of the sendmail experts please explain how to stop this? below is >> the telnet session > >> rcpt to: >> 250 2.1.5 ... Recipient ok > > I have never seen the above address format. A common test is to send to > say will.halsall%hotmail.com@fcot5.farn-ct.ac.uk, which should be denied > by default with a current version of sendmail. However this is a > different format which I haven't seen being used for relaying. > > I tried a similar test to yours on sendmail 8.13 with my own domain and a > known yahoo.com address and found that the message was also accepted, > which was rather disappointing (as it can then lead to bounces being sent > to spoofed senders). The message ended up being undeliverable because > sendmail looked for the domain yahoo.com%mango.zw and said > "yahoo.com%mango.zw.: host not found". I am therefore puzzled as to how > your message ended up being delivered to will.halsall@hotmail.com. > > I would be interested to know what result you get by running "sendmail -bt" > and then entering at the prompt: > > 3,0 will.halsall@hotmail.com%fcot5.farn-ct.ac.uk > > If it resolves to will.halsall@hotmail.com then you definitely have a > problem. I get the following final output: > > parse returns: $# esmtp $@ hotmail . com % fcot5 . farn-ct . ac . uk . > $: will . halsall < @ hotmail . com % fcot5 . farn-ct . ac . uk . > > > which is clearly undeliverable. Your nameserver reports NXDOMAIN for the > domain hotmail.com%fcot5.farn-ct.ac.uk, so I am puzzled as to how the > message did get delivered. What does your maillog file say for the message? > > Regards > > Jim Holland > System Administrator > MANGO - Zimbabwe's non-profit e-mail service > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ***************************************** Name: Will Halsall E-Mail: w.halsall@farn-ct.ac.uk ********************************************************************** This e-mail and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this e-mail in error please notify Farnborough College of Technology. E-mail: postmaster@farn-ct.ac.uk ********************************************************************** -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From roger at rudnick.com.br Tue Feb 7 11:12:39 2006 From: roger at rudnick.com.br (Roger Jochem) Date: Tue Feb 7 11:12:53 2006 Subject: sendmail greet_pause feature References: <5EBABD62DC5AC048AD8AEC3312E02D4CCD2F5F@exchange03.lkl.ltkalmar.se><023301c62719$f6c921c0$0600a8c0@roger> <025101c6271c$7fe54fe0$0600a8c0@roger> Message-ID: <01e301c62bd7$68c19d40$0600a8c0@roger> I just enabled the greet_pause im my sendmail. I'm seing a lot of warnings in my maillog about messages being rejected becouse there was a pre-greeting traffic. Is there some way I could see what messages were this rejected messages, just to be sure I'm not rejecting "good mail". Regards Roger Jochem ----- Original Message ----- From: "Roger Jochem" To: "MailScanner discussion" Sent: Wednesday, February 01, 2006 8:44 AM Subject: Re: sendmail greet_pause feature > Dag Wieers repository has only sendmail 8.12, or I'm missing it. > > http://dag.wieers.com/packages/sendmail/ > > ----- Original Message ----- > From: "Julian Field" > To: "MailScanner discussion" > Sent: Wednesday, February 01, 2006 8:34 AM > Subject: Re: sendmail greet_pause feature > > >> -----BEGIN PGP SIGNED MESSAGE----- >> >> Don't forget to change MailScanner.conf to >> Lock Type = posix >> when you upgrade sendmail to 8.13. >> >> You should be able to find a good RPM of this, so you don't build it >> from source and put everything in odd locations. Try http:// >> dag.wieers.com/ and search his RPM repository. >> >> On 1 Feb 2006, at 10:26, Roger Jochem wrote: >> >>> I'm using the rpm version of sendmail in my centos-3 box (sendmail >>> 8.12) and I would like to upgrade to sendmail 8.13 to use this feature, >>> that seems really great. Is there some problem I should be aware, or >>> the tar.gz version found at sendmail.org would work fine on my machine? >>> Anyone using 8.13 at centos-3 or some similar OS? >>> >>> Regards >>> >>> Roger Jochem >>> >>> ----- Original Message ----- From: "Anders Andersson, IT" >>> >>> To: "MailScanner discussion" >>> Sent: Wednesday, February 01, 2006 8:01 AM >>> Subject: RE: sendmail greet_pause feature >>> >>> >>>>> -----Original Message----- >>>>> From: mailscanner-bounces@lists.mailscanner.info >>>>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >>>>> Of Jim Holland >>>>> Sent: Wednesday, February 01, 2006 9:12 AM >>>>> To: MailScanner mailing list >>>>> Subject: OT: sendmail greet_pause feature >>>>> >>>>> Perhaps other sendmail users know all about this, but I have >>>>> only looked at it for the first time. >>>>> >>>>> I run sendmail 8.13.1 and have decided to implement the >>>>> greet_pause feature for the first time (after seeing that it >>>>> is a default option in Debian installations). This requires >>>>> a specified delay after connection, which can be network >>>>> specific, before a client system is allowed to send any SMTP >>>>> commands. Any client that breaks normal SMTP protocols by >>>>> trying to force commands before receiving the go-ahead is >>>>> immediately disconnected. This seems to distinguish very >>>>> successfully between genuine mailers and spammers/viruses >>>>> that are not RFC-compliant. >>>>> >>>>> Using a 5 second delay I have found that the system has >>>>> blocked over 3200 connections in the first 24 hours I used >>>>> it. The client systems were all typical of spammers, with >>>>> adsl/ppp/dhcp/dialup/cable/cpe type hostnames or no PTR >>>>> record at all. I found only four systems in the blocked >>>>> group that looked as if they were genuine. On further >>>>> investigation I found that earlier log records for some of >>>>> those sites indicated behaviour typical of virus infections >>>>> in any case. >>>> >>>> I second that, thoguh I raised mine to 25 sec just for the fun of it. >>>> I >>>> started low but raised it by 5 sec eeverytime and its been running >>>> smooth. So far no one complained and the ones we have a great >>>> mailexchange with been added to acces list >>>> >>>> /Anders >>>> >>>>> >>>>> To implement the feature: >>>>> >>>>> Add the following to the sendmail.mc file: >>>>> >>>>> FEATURE(`greet_pause', `5000')dnl 5 seconds >>>>> >>>>> Rebuild sendmail and restart MailScanner: >>>>> >>>>> m4 < sendmail.mc > sendmail.cf >>>>> service MailScanner restart >>>>> >>>>> Then specific entries for client hostname, domain, IP address >>>>> or subnet can be put in the access file: >>>>> >>>>> GreetPause:my.domain 0 >>>>> GreetPause:example.com 5000 >>>>> GreetPause:10.1.2 2000 >>>>> GreetPause:127.0.0.1 0 >>>>> >>>>> Definitely worth a look I would say, as it blocks large >>>>> numbers of spammers before they are allowed to send any data, >>>>> with very low risk of blocking genuine systems. It even >>>>> seems to allow genuine mail from infected systems to be >>>>> accepted while blocking viruses from those same systems >>>>> before the DATA phase - as many viruses seem to behave rather >>>>> impolitely :-) >>>>> >>>>> Regards >>>>> >>>>> Jim Holland >>>>> System Administrator >>>>> MANGO - Zimbabwe's non-profit e-mail service >>>> -- >>>> MailScanner mailing list >>>> MailScanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>> >>> -- >>> MailScanner mailing list >>> MailScanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >> >> - -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> -----BEGIN PGP SIGNATURE----- >> Version: PGP Desktop 9.0.4 (Build 4042) >> >> iQEVAwUBQ+COxvw32o+k+q+hAQEk7wf/Q9y6EeZmJCzFbTlpFvss0uhmMK/2udxG >> 1sSAG0ZkIF6MdWbsIumW/LX8nmq7H5JoJAApLF7k6FgfVhgBgINe1ZTpY9qEC3Pn >> ByuSoTuCudkLxp/OxCvhl6oTFkSRfN9ESnl58Q7Ydgjr8CUzaRh3DxPEmE+8s0tC >> pdAoiW3JOGgk0Y8T9k+LZov8SucJWPeQnm6YbZJSfe72Gx6Equ3D8Mm2VdK1/tkB >> Pc24EilDpqJyuYAwWK7CT3xJOWin4u5zf6TOQfcJwAgM5grPwU8AW+/aU3O+iN6q >> lff0F9v5Xx08ShTCd5ZUw5zvUWSts3orF7O0czO58/h6MpveiNtwuA== >> =QCbF >> -----END PGP SIGNATURE----- >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> -- >> MailScanner mailing list >> MailScanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > -- > MailScanner mailing list > MailScanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From nerijus at users.sourceforge.net Tue Feb 7 11:23:49 2006 From: nerijus at users.sourceforge.net (Nerijus Baliunas) Date: Tue Feb 7 11:30:17 2006 Subject: bayes_toks.expire1090 In-Reply-To: <43CE95F4.3030105@ecs.soton.ac.uk> References: <20060118191054.8E364BFAF@mx.dtiltas.lt> <43CE95F4.3030105@ecs.soton.ac.uk> Message-ID: <20060207112952.9C62ABF55@mx.dtiltas.lt> On Wed, 18 Jan 2006 19:24:36 +0000 Julian Field wrote: > Nerijus Baliunas wrote: > > I have lots of bayes_toks.expire1090, bayes_toks.expire15302, etc files > > in /var/spool/MailScanner/spamassassin. Where are they appearing from? > > RH AS 4, mailscanner-4.49.7, postfix, spamassassin-3.0.4. > > They are due to SpamAssassin timeouts occurring during Bayes database > rebuilds. Your best bet is to upgrade to 4.50, as I fixed an issue > connected to this, and configure MailScanner to do the Bayes rebuilds. How often do Bayes database rebuilds happen by default (if I have Rebuild Bayes Every = 0)? I have set it to 86400 and it seems it fixed it on this system. But on another system (mailscanner 4.50.15, sendmail) bayes_toks.expire26480 files still appear. Changed to Rebuild Bayes Every = 86400, didn't help. Then changed to Wait During Bayes Rebuild = yes, didn't help neither. Regards, Nerijus From nerijus at users.sourceforge.net Tue Feb 7 11:34:31 2006 From: nerijus at users.sourceforge.net (Nerijus Baliunas) Date: Tue Feb 7 11:34:39 2006 Subject: sendmail greet_pause feature In-Reply-To: <1f8fae340602020153i1a1b061h@mail.gmail.com> References: <5EBABD62DC5AC048AD8AEC3312E02D4CCD2F5F@exchange03.lkl.ltkalmar.se><023301c62719$f6c921c0$0600a8c0@roger><20060201161203.M49950@smi.com.pe> <1f8fae340602020153i1a1b061h@mail.gmail.com> Message-ID: <20060207113423.E2CFABE2E@mx.dtiltas.lt> On Thu, 2 Feb 2006 09:53:08 +0000 Will McDonald wrote: > > On Linux, sendmail 8.13 and upwards needs posix, anything before 8.13 > > needs flock. > > Is locking autodetecting, if you see what I mean? In the > MailScanner.conf it says... > > # How to lock spool files. > # Don't set this unless you know you need to. > # For sendmail, it defaults to "flock". > # For sendmail 8.13 onwards, you will probably need to change it to posix. Hmm, I have in my MailScanner.conf from 4.50.15: # For sendmail, it defaults to "posix". # For sendmail 8.12 and older, you will probably need to change it to flock > Does MailScanner know I'm running 8.13 or should I force posix locking? What do your logs say? I have sendmail 8.12, Lock Type is empty, so it should use "posix" as written above, but I see in the logs: MailScanner E-Mail Virus Scanner version 4.50.15 starting... Read 701 hostnames from the phishing whitelist Using SpamAssassin results cache Connected to SpamAssassin cache database Enabling SpamAssassin auto-whitelist functionality... Using locktype = flock Why is it using "flock"? I understand that for my sendmail version it is a correct setting, but according to the comment above it should use "posix", shouldn't it? I suspect Julian changed comment, but then decided to not make this change and forgot to change comment back. Regards, Nerijus From MailScanner at ecs.soton.ac.uk Tue Feb 7 11:42:47 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Feb 7 11:42:59 2006 Subject: More 4.50.15 woes on FreeBSD In-Reply-To: <43E813CE.7020904@tulsaconnect.com> References: <43E77B62.20805@tulsaconnect.com> <43E77E8F.5000300@ecs.soton.ac.uk> <43E79185.90401@tulsaconnect.com> <43E7D430.2010006@tulsaconnect.com> <43E813CE.7020904@tulsaconnect.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On 7 Feb 2006, at 03:28, TCIS List Acct wrote: > TCIS List Acct wrote: > >> Ok, I've tracked down part of the problem (from the 4.48.4-2 >> release notes): >> - Rearranged SpamAssassin spam.assassin.prefs.conf file, it is now >> read by SpamAssassin via a link called "mailscanner.cf" in the >> site_rules directory. It is no longer read directly by >> MailScanner, it is just read by Spam-Assassin during its normal >> initialisation process. >> This really hosed those of us not using an RPM or install.sh >> script (and those of us dumb enough not to read the relnotes >> before doing this :)) -- it caused my SA prefs not to be read in, >> and thus caused SA to use its default settings (Bayes on, DNS BL's >> on, etc) which caused the majority of the performance problems. > > Unfortunately the above was just a temporary fix -- the problem has > cropped up again. Specifically, if I let 4.50.15 run for a few > hours, it appears to leak memory and/or zombie perl processes to > such an extent that the box runs out of RAM and swap space. This > occurs with the new SpamAssassin cache turned off as well, so that > isn't the issue. Here is a snippet of "top" when it is occurring: > > last pid: 97100; load averages: 16.75, 20.74, > 26.46 up 63+05:29:19 21:18:11 > 297 processes: 53 running, 191 sleeping, 53 zombie > CPU states: 22.6% user, 0.0% nice, 13.4% system, 0.3% interrupt, > 63.7% idle > Mem: 1529M Active, 183M Inact, 287M Wired, 7412K Cache, 199M Buf, > 3004K Free > Swap: 2048M Total, 960M Used, 1088M Free, 46% Inuse, 452K In, 4804K > Out > > I have the number of child processes set at 10, but there are 100+ > MailScanner processes according to a ps -aux | grep MailScanner > > $ ps -aux | grep MailScanner | wc -l > 100 > > Note that downgrading to 4.47.4 on the same box (all I do is change > the symlink to where /opt/MailScanner points to) immediately solves > the issue and the box runs normally from that point on. The > MailScanner.conf files for both versions are using near identical > parameters (same number of a/v scanners, same DNSBL's being used, > same spam.assassin.prefs.conf, etc) so I am certain it is something > that changed code-wise between 4.47.4 and 4.50.15. > > Julian, I'll be happy to troubleshoot further if you give me some > pointers on what to try next. Please edit Message.pm and locate line 1434 which should say if (MailScanner::Config::Value('mta') =~ /sendmail|exim|postfix/i) { I don't know what MTA you are running, so you will need to choose the appropriate bit of the line above so that instead of saying sendmail| exim|postfix it says exim|postfix for example. Note the | symbol is a pipe (vertical line separator) and not a lower case ell or upper case eye. Then perl -c Message.pm to check you got it right. Then restart MailScanner. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.4 (Build 4042) iQEVAwUBQ+iHu/w32o+k+q+hAQEVIgf/TlXbU7QZeuc59b/G95vxOWbNhKQ5YdX0 FqaBdU8hddnutaZcIXYbgLaObci0gBiYTvZF7YQOqzb5lsN0g40/NBUN8kZ/vnpR TRKWIdoyIY8iw7qH0z+47Ry0TQtYOS4b38laCtRroq478/M1OGcNqJeSJwOryP+0 VXNLJ7FXrZc8m1mK3ejtDsyz4x/NxsUNOrDSWs5jm5Qm2Twof4z/tIes66Ghsf9x C9TxREpNGkGMUs/Sxr58J+Yh6yeCm+RQA1qpzMqrsvgooTtI1K1vzC+WVVwdqSbe W/HCht4daLtZ6Kw4egFw1qWGlbyp2Pru82I/0TnNkJeBHMhfJTU+aw== =GZoD -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From wmcdonald at gmail.com Tue Feb 7 11:43:30 2006 From: wmcdonald at gmail.com (Will McDonald) Date: Tue Feb 7 11:43:33 2006 Subject: sendmail greet_pause feature In-Reply-To: <01e301c62bd7$68c19d40$0600a8c0@roger> References: <5EBABD62DC5AC048AD8AEC3312E02D4CCD2F5F@exchange03.lkl.ltkalmar.se> <023301c62719$f6c921c0$0600a8c0@roger> <025101c6271c$7fe54fe0$0600a8c0@roger> <01e301c62bd7$68c19d40$0600a8c0@roger> Message-ID: <1f8fae340602070343j49716b27l@mail.gmail.com> On 07/02/06, Roger Jochem wrote: > I just enabled the greet_pause im my sendmail. I'm seing a lot of warnings > in my maillog about messages being rejected becouse there was a pre-greeting > traffic. Is there some way I could see what messages were this rejected > messages, just to be sure I'm not rejecting "good mail". Given what greet_pause is doing, and why, I doubt there's anyway you're going to get more than is already contained in the log message. Most of the rejections we've seen since enabling it last week have been * from IP addresses without reverse DNS * within dynamically assigned ranges (DSL, cable modems and the like) * from *.pl, *.ru, *.kr and other usually suspicious TLDs. Try something like... $ awk '/due to pre-greeting/ { print $10 }' /var/log/maillog | sort -u Have a scan through and the chances are it'll all be suspicious looking. And remember, even if the reverse lookup makes them look potentially legit, they're still trying to inject mail traffic before you've told them to, which should immediately raise concerns. Will. From MailScanner at ecs.soton.ac.uk Tue Feb 7 11:45:03 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Feb 7 11:45:11 2006 Subject: bayes_toks.expire1090 In-Reply-To: <20060207112952.9C62ABF55@mx.dtiltas.lt> References: <20060118191054.8E364BFAF@mx.dtiltas.lt> <43CE95F4.3030105@ecs.soton.ac.uk> <20060207112952.9C62ABF55@mx.dtiltas.lt> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On 7 Feb 2006, at 11:23, Nerijus Baliunas wrote: > On Wed, 18 Jan 2006 19:24:36 +0000 Julian Field > wrote: > >> Nerijus Baliunas wrote: >>> I have lots of bayes_toks.expire1090, bayes_toks.expire15302, etc >>> files >>> in /var/spool/MailScanner/spamassassin. Where are they appearing >>> from? >>> RH AS 4, mailscanner-4.49.7, postfix, spamassassin-3.0.4. >> >> They are due to SpamAssassin timeouts occurring during Bayes database >> rebuilds. Your best bet is to upgrade to 4.50, as I fixed an issue >> connected to this, and configure MailScanner to do the Bayes >> rebuilds. > > How often do Bayes database rebuilds happen by default (if I have > Rebuild Bayes Every = 0)? **PLEASE** read the documentation. The line immediaetly above this setting answers this question. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.4 (Build 4042) iQEUAwUBQ+iIQvw32o+k+q+hAQEysAf47G4hxM9+u+OW1Z7qgECXYj8sozHCxvqW 1Kb5KpelKx6+GfkMOl363x89SOCOKgzQxLn9/B4mn+vY+FnvOXjUp7SHERV/YhOl 2UkhqEPIGBCgP/jHZTvBUEpAnulNTtQpAFRayt++WwnQolvU30Jv3sbe7R8/g8tL TI+3N6am6s6bnkAfOA2Xm21pc7HbhVCZUkKrIY7+5fegTzylDmB973RqIRsEuaOl P7X3GiN6UxxZYrvldI5S365O4eFfcE9W+Bn1V+uWYGPY6aaIk0WblZPWZS0SuEac pYEhjDHoYQ2sL3MvbV1sNxIAeesNR9AOZ8hZs406hMcvJq7QnsZ8 =MVLr -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From prandal at herefordshire.gov.uk Tue Feb 7 11:46:36 2006 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Tue Feb 7 11:46:49 2006 Subject: sendmail greet_pause feature Message-ID: <86144ED6CE5B004DA23E1EAC0B569B580B0D3B80@isabella.herefordshire.gov.uk> You can't - the reject happens in the early stages of the smtp transaction, because the machine connecting isn't following the smtp RFC. That's the whole point of it. So all you're going to see is the IP of the dodgy sender. Cheers, Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Roger Jochem > Sent: 07 February 2006 11:13 > To: MailScanner discussion > Subject: Re: sendmail greet_pause feature > > I just enabled the greet_pause im my sendmail. I'm seing a > lot of warnings in my maillog about messages being rejected > becouse there was a pre-greeting traffic. Is there some way I > could see what messages were this rejected messages, just to > be sure I'm not rejecting "good mail". > > Regards > > Roger Jochem > > ----- Original Message ----- > From: "Roger Jochem" > To: "MailScanner discussion" > Sent: Wednesday, February 01, 2006 8:44 AM > Subject: Re: sendmail greet_pause feature > > > > Dag Wieers repository has only sendmail 8.12, or I'm missing it. > > > > http://dag.wieers.com/packages/sendmail/ > > > > ----- Original Message ----- > > From: "Julian Field" > > To: "MailScanner discussion" > > Sent: Wednesday, February 01, 2006 8:34 AM > > Subject: Re: sendmail greet_pause feature > > > > > >> -----BEGIN PGP SIGNED MESSAGE----- > >> > >> Don't forget to change MailScanner.conf to > >> Lock Type = posix > >> when you upgrade sendmail to 8.13. > >> > >> You should be able to find a good RPM of this, so you > don't build it > >> from source and put everything in odd locations. Try http:// > >> dag.wieers.com/ and search his RPM repository. > >> > >> On 1 Feb 2006, at 10:26, Roger Jochem wrote: > >> > >>> I'm using the rpm version of sendmail in my centos-3 box > (sendmail > >>> 8.12) and I would like to upgrade to sendmail 8.13 to use > this feature, > >>> that seems really great. Is there some problem I should > be aware, or > >>> the tar.gz version found at sendmail.org would work fine > on my machine? > >>> Anyone using 8.13 at centos-3 or some similar OS? > >>> > >>> Regards > >>> > >>> Roger Jochem > >>> > >>> ----- Original Message ----- From: "Anders Andersson, IT" > >>> > >>> To: "MailScanner discussion" > >>> Sent: Wednesday, February 01, 2006 8:01 AM > >>> Subject: RE: sendmail greet_pause feature > >>> > >>> > >>>>> -----Original Message----- > >>>>> From: mailscanner-bounces@lists.mailscanner.info > >>>>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > >>>>> Of Jim Holland > >>>>> Sent: Wednesday, February 01, 2006 9:12 AM > >>>>> To: MailScanner mailing list > >>>>> Subject: OT: sendmail greet_pause feature > >>>>> > >>>>> Perhaps other sendmail users know all about this, but I have > >>>>> only looked at it for the first time. > >>>>> > >>>>> I run sendmail 8.13.1 and have decided to implement the > >>>>> greet_pause feature for the first time (after seeing that it > >>>>> is a default option in Debian installations). This requires > >>>>> a specified delay after connection, which can be network > >>>>> specific, before a client system is allowed to send any SMTP > >>>>> commands. Any client that breaks normal SMTP protocols by > >>>>> trying to force commands before receiving the go-ahead is > >>>>> immediately disconnected. This seems to distinguish very > >>>>> successfully between genuine mailers and spammers/viruses > >>>>> that are not RFC-compliant. > >>>>> > >>>>> Using a 5 second delay I have found that the system has > >>>>> blocked over 3200 connections in the first 24 hours I used > >>>>> it. The client systems were all typical of spammers, with > >>>>> adsl/ppp/dhcp/dialup/cable/cpe type hostnames or no PTR > >>>>> record at all. I found only four systems in the blocked > >>>>> group that looked as if they were genuine. On further > >>>>> investigation I found that earlier log records for some of > >>>>> those sites indicated behaviour typical of virus infections > >>>>> in any case. > >>>> > >>>> I second that, thoguh I raised mine to 25 sec just for > the fun of it. > >>>> I > >>>> started low but raised it by 5 sec eeverytime and its > been running > >>>> smooth. So far no one complained and the ones we have a great > >>>> mailexchange with been added to acces list > >>>> > >>>> /Anders > >>>> > >>>>> > >>>>> To implement the feature: > >>>>> > >>>>> Add the following to the sendmail.mc file: > >>>>> > >>>>> FEATURE(`greet_pause', `5000')dnl 5 seconds > >>>>> > >>>>> Rebuild sendmail and restart MailScanner: > >>>>> > >>>>> m4 < sendmail.mc > sendmail.cf > >>>>> service MailScanner restart > >>>>> > >>>>> Then specific entries for client hostname, domain, IP address > >>>>> or subnet can be put in the access file: > >>>>> > >>>>> GreetPause:my.domain 0 > >>>>> GreetPause:example.com 5000 > >>>>> GreetPause:10.1.2 2000 > >>>>> GreetPause:127.0.0.1 0 > >>>>> > >>>>> Definitely worth a look I would say, as it blocks large > >>>>> numbers of spammers before they are allowed to send any data, > >>>>> with very low risk of blocking genuine systems. It even > >>>>> seems to allow genuine mail from infected systems to be > >>>>> accepted while blocking viruses from those same systems > >>>>> before the DATA phase - as many viruses seem to behave rather > >>>>> impolitely :-) > >>>>> > >>>>> Regards > >>>>> > >>>>> Jim Holland > >>>>> System Administrator > >>>>> MANGO - Zimbabwe's non-profit e-mail service > >>>> -- > >>>> MailScanner mailing list > >>>> MailScanner@lists.mailscanner.info > >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >>>> > >>>> Before posting, read http://wiki.mailscanner.info/posting > >>>> > >>>> Support MailScanner development - buy the book off the website! > >>> > >>> -- > >>> MailScanner mailing list > >>> MailScanner@lists.mailscanner.info > >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >>> > >>> Before posting, read http://wiki.mailscanner.info/posting > >>> > >>> Support MailScanner development - buy the book off the website! > >> > >> - -- > >> Julian Field > >> www.MailScanner.info > >> Buy the MailScanner book at www.MailScanner.info/store > >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >> > >> > >> -----BEGIN PGP SIGNATURE----- > >> Version: PGP Desktop 9.0.4 (Build 4042) > >> > >> iQEVAwUBQ+COxvw32o+k+q+hAQEk7wf/Q9y6EeZmJCzFbTlpFvss0uhmMK/2udxG > >> 1sSAG0ZkIF6MdWbsIumW/LX8nmq7H5JoJAApLF7k6FgfVhgBgINe1ZTpY9qEC3Pn > >> ByuSoTuCudkLxp/OxCvhl6oTFkSRfN9ESnl58Q7Ydgjr8CUzaRh3DxPEmE+8s0tC > >> pdAoiW3JOGgk0Y8T9k+LZov8SucJWPeQnm6YbZJSfe72Gx6Equ3D8Mm2VdK1/tkB > >> Pc24EilDpqJyuYAwWK7CT3xJOWin4u5zf6TOQfcJwAgM5grPwU8AW+/aU3O+iN6q > >> lff0F9v5Xx08ShTCd5ZUw5zvUWSts3orF7O0czO58/h6MpveiNtwuA== > >> =QCbF > >> -----END PGP SIGNATURE----- > >> > >> -- > >> This message has been scanned for viruses and > >> dangerous content by MailScanner, and is > >> believed to be clean. > >> > >> -- > >> MailScanner mailing list > >> MailScanner@lists.mailscanner.info > >> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> > >> Before posting, read http://wiki.mailscanner.info/posting > >> > >> Support MailScanner development - buy the book off the website! > > -- > > MailScanner mailing list > > MailScanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From nerijus at users.sourceforge.net Tue Feb 7 11:55:16 2006 From: nerijus at users.sourceforge.net (Nerijus Baliunas) Date: Tue Feb 7 11:55:31 2006 Subject: bayes_toks.expire1090 In-Reply-To: References: <20060118191054.8E364BFAF@mx.dtiltas.lt><43CE95F4.3030105@ecs.soton.ac.uk><20060207112952.9C62ABF55@mx.dtiltas.lt> Message-ID: <20060207115515.04305BE2A@mx.dtiltas.lt> On Tue, 7 Feb 2006 11:45:03 +0000 Julian Field wrote: > > How often do Bayes database rebuilds happen by default (if I have > > Rebuild Bayes Every = 0)? > > **PLEASE** read the documentation. The line immediaetly above this > setting answers this question. Hmm, I read it: # If you are using the Bayesian statistics engine on a busy server, # you may well need to force a Bayesian database rebuild and expiry # at regular intervals. This is measures in seconds. # 1 day = 86400 seconds. # To disable this feature set this to 0. Rebuild Bayes Every = 0 So I understand that by default (Rebuild Bayes Every = 0) MailScanner does not rebuild it. What I wanted to ask, how often spamassassin itself rebuilds it? Never? Because if never, where are these bayes_toks.expire26719 files apeearing from? Regards, Nerijus From prandal at herefordshire.gov.uk Tue Feb 7 12:36:03 2006 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Tue Feb 7 12:38:01 2006 Subject: sendmail greet_pause feature Message-ID: <86144ED6CE5B004DA23E1EAC0B569B580B0D3BA2@isabella.herefordshire.gov.uk> Looking at the last couple of days' sendmail logs I'm finding a few who really should know better falling foul of a greet_pause 10 second delay: ncsmtp02.partner.nspcc.org.uk gateway.brent.gov.uk and these ISPs. Tut tut! various mx servers at mail.freeuk.net (mx0.mail.freeuk.net, mx1) various mx servers at mail.uk.clara.net (mx0.mail.uk.clara.net through mx5) store0.mail.uk.easynet.net Cheers, Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Will McDonald > Sent: 07 February 2006 11:44 > To: MailScanner discussion > Subject: Re: sendmail greet_pause feature > > On 07/02/06, Roger Jochem wrote: > > I just enabled the greet_pause im my sendmail. I'm seing a lot of > > warnings in my maillog about messages being rejected > becouse there was > > a pre-greeting traffic. Is there some way I could see what messages > > were this rejected messages, just to be sure I'm not > rejecting "good mail". > > Given what greet_pause is doing, and why, I doubt there's > anyway you're going to get more than is already contained in > the log message. > > Most of the rejections we've seen since enabling it last week > have been > > * from IP addresses without reverse DNS > * within dynamically assigned ranges (DSL, cable modems and the like) > * from *.pl, *.ru, *.kr and other usually suspicious TLDs. > > Try something like... > > $ awk '/due to pre-greeting/ { print $10 }' /var/log/maillog | sort -u > > Have a scan through and the chances are it'll all be > suspicious looking. And remember, even if the reverse lookup > makes them look potentially legit, they're still trying to > inject mail traffic before you've told them to, which should > immediately raise concerns. > > Will. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From glenn.steen at gmail.com Tue Feb 7 13:03:06 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Feb 7 13:03:09 2006 Subject: ALL_TRUSTED problems In-Reply-To: References: Message-ID: <223f97700602070503id21fee1y@mail.gmail.com> On 07/02/06, Scott Silva wrote: > Richard Edge spake the following on 2/6/2006 3:10 PM: > > Yes, the symlink is in place. I am beginning to think that removing > > MailScanner and reinstalling from scratch is looking a little more > > attractive at this point too. > > > > I take it that all I need to do to remove it is the delete the follwing > > directories and their contents: > > > > /etc/MailScanner > > /usr/lib/MailScanner > > /usr/sbin/MailScanner > > > > If I want to install SA 3.1 from scratch, what do I need to do other > > than Julian's earlier suggestion of removing SpamAssassin.pm > > > > Richard Edge > > Senior Systems Administrator | Technology Services > > Trinity Western University | t: 604.513.2089 > > f: 604.513.2038 | e: edge twu.ca| www.twu.ca/technology > > > > > > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Scott > > Silva > > Sent: Monday, February 06, 2006 2:14 PM > > To: mailscanner@lists.mailscanner.info > > Subject: Re: ALL_TRUSTED problems > > > > Richard Edge spake the following on 2/6/2006 9:30 AM: > >> Hi Scott, > >> > >> I tried your suggestion, but still no joy. Thanks anyways. > >> > >> Richard Edge > >> Senior Systems Administrator | Technology Services Trinity Western > >> University | t: 604.513.2089 > >> f: 604.513.2038 | e: edge twu.ca| www.twu.ca/technology > > Have you verified that your /etc/mail/spamassassin/mailscanner.cf is a > > symlink to /etc/MailScanner/spam.assassin.prefs.conf? > > > > Otherwise, I'm at a loss. Maybe time to hose the MailScanner and > > Spamassassin installs, and start over? > > > > > > > That should do it, but you might want to mv instead of rm, just in case. > > You can always kill it later. I always keep one stable version back, just in case. > > -- > > MailScanner is like deodorant... > You hope everybody uses it, and > you notice quickly if they don't!!!! > If you're on an RPM install/system, you'd better use cp (ro back them up) and rpm -e (on the relevant package ... mailscanner, I'd imagine), to keep the rpm database in sync with reality. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From ugob at camo-route.com Tue Feb 7 13:04:44 2006 From: ugob at camo-route.com (Ugo Bellavance) Date: Tue Feb 7 13:05:26 2006 Subject: 4.50.14 possible bug Message-ID: Hi, Even tough I have: Log Speed = no I get these in my logs: Feb 7 07:27:37 mta1 MailScanner[19403]: Batch processed in 36.65 seconds Feb 7 07:27:37 mta1 MailScanner[19403]: Logging message k17COSFG019175 to SQL Feb 7 07:27:37 mta1 MailScanner[19403]: Logging message k17CN0FG019106 to SQL Feb 7 07:27:37 mta1 MailScanner[19403]: "Always Looked Up Last" took 0.05 secon ds I double-checked the setting and restarted twice... Is that normal? Regards, -- Ugo -> Please don't send a copy of your reply by e-mail. I read the list. -> Please avoid top-posting, long signatures and HTML, and cut the irrelevant parts in your replies. From glenn.steen at gmail.com Tue Feb 7 13:18:20 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Feb 7 13:18:23 2006 Subject: 4.50.14 possible bug In-Reply-To: References: Message-ID: <223f97700602070518h7d369b2fm@mail.gmail.com> On 07/02/06, Ugo Bellavance wrote: > Hi, > > Even tough I have: > > Log Speed = no > > I get these in my logs: > > Feb 7 07:27:37 mta1 MailScanner[19403]: Batch processed in 36.65 seconds > Feb 7 07:27:37 mta1 MailScanner[19403]: Logging message k17COSFG019175 > to SQL > Feb 7 07:27:37 mta1 MailScanner[19403]: Logging message k17CN0FG019106 > to SQL > Feb 7 07:27:37 mta1 MailScanner[19403]: "Always Looked Up Last" took > 0.05 secon > ds > > I double-checked the setting and restarted twice... Is that normal? > > Regards, > > -- > Ugo > > -> Please don't send a copy of your reply by e-mail. I read the list. > -> Please avoid top-posting, long signatures and HTML, and cut the > irrelevant parts in your replies. > Hi Ugo, There is/was an ongoing thread about this, that basically covers the why and how etc of this one. Executive summary is: Jeff wanted it, Jules liked the idea, and now we all get it. Some others rather didin't like it... So ... You are not alone ... (Me, I'm still on the fence:-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From alex at nkpanama.com Tue Feb 7 13:21:30 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Tue Feb 7 13:21:41 2006 Subject: sendmail greet_pause feature In-Reply-To: <86144ED6CE5B004DA23E1EAC0B569B580B0D3BA2@isabella.herefordshire.gov.uk> References: <86144ED6CE5B004DA23E1EAC0B569B580B0D3BA2@isabella.herefordshire.gov.uk> Message-ID: <43E89EDA.5020902@nkpanama.com> Whitelist them using the access db (put their netblocks or domains on a, say, 3 second delay instead). Randal, Phil wrote: > Looking at the last couple of days' sendmail logs I'm finding a few who > really should know better falling foul of a greet_pause 10 second delay: > > ncsmtp02.partner.nspcc.org.uk > gateway.brent.gov.uk > > and these ISPs. Tut tut! > > various mx servers at mail.freeuk.net (mx0.mail.freeuk.net, mx1) > various mx servers at mail.uk.clara.net (mx0.mail.uk.clara.net through > mx5) > store0.mail.uk.easynet.net > > Cheers, > > Phil > ---- > Phil Randal > Network Engineer > Herefordshire Council > Hereford, UK > > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >> Of Will McDonald >> Sent: 07 February 2006 11:44 >> To: MailScanner discussion >> Subject: Re: sendmail greet_pause feature >> >> On 07/02/06, Roger Jochem wrote: >> >>> I just enabled the greet_pause im my sendmail. I'm seing a lot of >>> warnings in my maillog about messages being rejected >>> >> becouse there was >> >>> a pre-greeting traffic. Is there some way I could see what messages >>> were this rejected messages, just to be sure I'm not >>> >> rejecting "good mail". >> >> Given what greet_pause is doing, and why, I doubt there's >> anyway you're going to get more than is already contained in >> the log message. >> >> Most of the rejections we've seen since enabling it last week >> have been >> >> * from IP addresses without reverse DNS >> * within dynamically assigned ranges (DSL, cable modems and the like) >> * from *.pl, *.ru, *.kr and other usually suspicious TLDs. >> >> Try something like... >> >> $ awk '/due to pre-greeting/ { print $10 }' /var/log/maillog | sort -u >> >> Have a scan through and the chances are it'll all be >> suspicious looking. And remember, even if the reverse lookup >> makes them look potentially legit, they're still trying to >> inject mail traffic before you've told them to, which should >> immediately raise concerns. >> >> Will. >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ From listacct at tulsaconnect.com Tue Feb 7 13:41:15 2006 From: listacct at tulsaconnect.com (TCIS List Acct) Date: Tue Feb 7 13:41:18 2006 Subject: More 4.50.15 woes on FreeBSD In-Reply-To: References: <43E77B62.20805@tulsaconnect.com> <43E77E8F.5000300@ecs.soton.ac.uk> <43E79185.90401@tulsaconnect.com> <43E7D430.2010006@tulsaconnect.com> <43E813CE.7020904@tulsaconnect.com> Message-ID: <43E8A37B.6020608@tulsaconnect.com> Julian Field wrote: > Please edit Message.pm and locate line 1434 which should say > > if (MailScanner::Config::Value('mta') =~ /sendmail|exim|postfix/i) { > > I don't know what MTA you are running, so you will need to choose the > appropriate bit of the line above so that instead of saying sendmail| > exim|postfix it says exim|postfix for example. Note the | symbol is a > pipe (vertical line separator) and not a lower case ell or upper case > eye. > > Then > perl -c Message.pm > to check you got it right. > > Then restart MailScanner. I'm running exim 4.34-0 on FreeBSD 4.9. With that in mind, should I edit the line to say: if (MailScanner::Config::Value('mta') =~ /exim|postfix/i) { TIA. -- ----------------------------------------- Mike Bacher / listacct@tulsaconnect.com TCIS - TulsaConnect Internet Services http://www.tulsaconnect.com ----------------------------------------- From MailScanner at ecs.soton.ac.uk Tue Feb 7 13:47:47 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Feb 7 13:47:57 2006 Subject: More 4.50.15 woes on FreeBSD In-Reply-To: <43E8A37B.6020608@tulsaconnect.com> References: <43E77B62.20805@tulsaconnect.com> <43E77E8F.5000300@ecs.soton.ac.uk> <43E79185.90401@tulsaconnect.com> <43E7D430.2010006@tulsaconnect.com> <43E813CE.7020904@tulsaconnect.com> <43E8A37B.6020608@tulsaconnect.com> Message-ID: <7473B3C6-CEF8-47A4-B391-250DC8C5CC45@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- On 7 Feb 2006, at 13:41, TCIS List Acct wrote: > > > Julian Field wrote: > >> Please edit Message.pm and locate line 1434 which should say >> if (MailScanner::Config::Value('mta') =~ /sendmail|exim|postfix/i) { >> I don't know what MTA you are running, so you will need to choose >> the appropriate bit of the line above so that instead of saying >> sendmail| exim|postfix it says exim|postfix for example. Note the >> | symbol is a pipe (vertical line separator) and not a lower case >> ell or upper case eye. >> Then >> perl -c Message.pm >> to check you got it right. >> Then restart MailScanner. > > I'm running exim 4.34-0 on FreeBSD 4.9. With that in mind, should > I edit the line to say: > > if (MailScanner::Config::Value('mta') =~ /exim|postfix/i) { No, you should do the exact opposite, so you want /sendmail|postfix/i) { - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.4 (Build 4042) iQEVAwUBQ+ilBvw32o+k+q+hAQHxCwf/WoI+RjxsItVe3NG4bcU1714d56eMz+Mt dpyc+g4YBoTNxEUODnnFYJ6UhvMObnwg5IZ4LNR9FqoAmDTn8QGCfKju6cIZq0Bu cXZk7d3biDohncw6qlH6ZKUR9SPBJvtt+sCOtY9loPbx5UecCtUAQGVhxnkbGLP9 F4fYSCRo5FCXsiichJ//z9v8f+UZtzh7uvPFnVl1squKRGhKo2zDgL8XY7P+WZrr l3ZLCnMB9h5IG9p49ZMNtOtFZavjH8YDL+UW1K/LFEkwVIXXpA2rzn9kCv1EMxEK QGTYowL+4PYwGeSAN0oMkdHCV2TklwtAa+kcYLES17TolOdVg1oa/g== =ewx3 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From prandal at herefordshire.gov.uk Tue Feb 7 14:11:15 2006 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Tue Feb 7 14:13:53 2006 Subject: sendmail greet_pause feature Message-ID: <86144ED6CE5B004DA23E1EAC0B569B580B0D3BCD@isabella.herefordshire.gov.uk> I've done that, it was more a cautionary note to others. greet_pause is currently catching about 10% of our incoming emails. Around 40% of our incoming mail was spam, so it helps. Cheers, Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Alex Neuman van der Hans > Sent: 07 February 2006 13:22 > To: MailScanner discussion > Subject: Re: sendmail greet_pause feature > > Whitelist them using the access db (put their netblocks or > domains on a, say, 3 second delay instead). > > Randal, Phil wrote: > > Looking at the last couple of days' sendmail logs I'm finding a few > > who really should know better falling foul of a greet_pause > 10 second delay: > > > > ncsmtp02.partner.nspcc.org.uk > > gateway.brent.gov.uk > > > > and these ISPs. Tut tut! > > > > various mx servers at mail.freeuk.net (mx0.mail.freeuk.net, mx1) > > various mx servers at mail.uk.clara.net > (mx0.mail.uk.clara.net through > > mx5) > > store0.mail.uk.easynet.net > > > > Cheers, > > > > Phil > > ---- > > Phil Randal > > Network Engineer > > Herefordshire Council > > Hereford, UK > > > > > >> -----Original Message----- > >> From: mailscanner-bounces@lists.mailscanner.info > >> [mailto:mailscanner-bounces@lists.mailscanner.info] On > Behalf Of Will > >> McDonald > >> Sent: 07 February 2006 11:44 > >> To: MailScanner discussion > >> Subject: Re: sendmail greet_pause feature > >> > >> On 07/02/06, Roger Jochem wrote: > >> > >>> I just enabled the greet_pause im my sendmail. I'm seing a lot of > >>> warnings in my maillog about messages being rejected > >>> > >> becouse there was > >> > >>> a pre-greeting traffic. Is there some way I could see > what messages > >>> were this rejected messages, just to be sure I'm not > >>> > >> rejecting "good mail". > >> > >> Given what greet_pause is doing, and why, I doubt there's anyway > >> you're going to get more than is already contained in the log > >> message. > >> > >> Most of the rejections we've seen since enabling it last week have > >> been > >> > >> * from IP addresses without reverse DNS > >> * within dynamically assigned ranges (DSL, cable modems > and the like) > >> * from *.pl, *.ru, *.kr and other usually suspicious TLDs. > >> > >> Try something like... > >> > >> $ awk '/due to pre-greeting/ { print $10 }' > /var/log/maillog | sort > >> -u > >> > >> Have a scan through and the chances are it'll all be suspicious > >> looking. And remember, even if the reverse lookup makes them look > >> potentially legit, they're still trying to inject mail > traffic before > >> you've told them to, which should immediately raise concerns. > >> > >> Will. > >> -- > >> MailScanner mailing list > >> mailscanner@lists.mailscanner.info > >> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> > >> Before posting, read http://wiki.mailscanner.info/posting > >> > >> Support MailScanner development - buy the book off the website! > >> > >> > > -- > > Alex Neuman van der Hans > N&K Technology Consultants > Tel. +507 214-9002 - http://nkpanama.com/ > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From gdoris at rogers.com Tue Feb 7 14:16:01 2006 From: gdoris at rogers.com (Gerry Doris) Date: Tue Feb 7 14:16:41 2006 Subject: 4.50.14 possible bug In-Reply-To: <223f97700602070518h7d369b2fm@mail.gmail.com> References: <223f97700602070518h7d369b2fm@mail.gmail.com> Message-ID: <43E8ABA1.7040801@rogers.com> Glenn Steen wrote: > On 07/02/06, Ugo Bellavance wrote: > >>Hi, >> >>Even tough I have: >> >>Log Speed = no >> >>I get these in my logs: >> >>Feb 7 07:27:37 mta1 MailScanner[19403]: Batch processed in 36.65 seconds >>Feb 7 07:27:37 mta1 MailScanner[19403]: Logging message k17COSFG019175 >>to SQL >>Feb 7 07:27:37 mta1 MailScanner[19403]: Logging message k17CN0FG019106 >>to SQL >>Feb 7 07:27:37 mta1 MailScanner[19403]: "Always Looked Up Last" took >>0.05 secon >>ds >> >>I double-checked the setting and restarted twice... Is that normal? >> >>Regards, >> >>-- >>Ugo >> >>-> Please don't send a copy of your reply by e-mail. I read the list. >>-> Please avoid top-posting, long signatures and HTML, and cut the >>irrelevant parts in your replies. >> > > Hi Ugo, > > There is/was an ongoing thread about this, that basically covers the > why and how etc of this one. Executive summary is: Jeff wanted it, > Jules liked the idea, and now we all get it. Some others rather > didin't like it... So ... You are not alone ... (Me, I'm still on the > fence:-). > -- > -- Glenn Glenn is correct. The Log Speed setting doesn't affect the logging of the items you mentioned. I'm not sure what it does stop??? In any case, if you don't want the speed logging then you'll need to comment out the appropriate lines in MessageBatch.pm. From MailScanner at ecs.soton.ac.uk Tue Feb 7 14:45:05 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Feb 7 14:45:15 2006 Subject: 4.50.14 possible bug In-Reply-To: <43E8ABA1.7040801@rogers.com> References: <223f97700602070518h7d369b2fm@mail.gmail.com> <43E8ABA1.7040801@rogers.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Remind me in about 10 days about this, and I'll add a line so that the last line of your output is not logged unless Log Speed is switched on. I'm on holiday in 1.25 hours :-) On 7 Feb 2006, at 14:16, Gerry Doris wrote: > Glenn Steen wrote: >> On 07/02/06, Ugo Bellavance wrote: >>> Hi, >>> >>> Even tough I have: >>> >>> Log Speed = no >>> >>> I get these in my logs: >>> >>> Feb 7 07:27:37 mta1 MailScanner[19403]: Batch processed in 36.65 >>> seconds >>> Feb 7 07:27:37 mta1 MailScanner[19403]: Logging message >>> k17COSFG019175 >>> to SQL >>> Feb 7 07:27:37 mta1 MailScanner[19403]: Logging message >>> k17CN0FG019106 >>> to SQL >>> Feb 7 07:27:37 mta1 MailScanner[19403]: "Always Looked Up Last" >>> took >>> 0.05 secon >>> ds >>> >>> I double-checked the setting and restarted twice... Is that normal? >>> >>> Regards, >>> >>> -- >>> Ugo >>> >>> -> Please don't send a copy of your reply by e-mail. I read the >>> list. >>> -> Please avoid top-posting, long signatures and HTML, and cut the >>> irrelevant parts in your replies. >>> >> Hi Ugo, >> There is/was an ongoing thread about this, that basically covers the >> why and how etc of this one. Executive summary is: Jeff wanted it, >> Jules liked the idea, and now we all get it. Some others rather >> didin't like it... So ... You are not alone ... (Me, I'm still on the >> fence:-). >> -- >> -- Glenn > > Glenn is correct. The Log Speed setting doesn't affect the logging > of the items you mentioned. I'm not sure what it does stop??? > > In any case, if you don't want the speed logging then you'll need > to comment out the appropriate lines in MessageBatch.pm. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.4 (Build 4042) iQEVAwUBQ+iyc/w32o+k+q+hAQGLdQgAoSSZmcW1AYyqkHqJrZmHIXJZ//2ceRRi RH74ROBGPfUo+6GDIYT8jt6OBdf2xNePOMyzHU8SrWbOalURCnEK5JXVW8mFnPgQ /xj1pXORKeqbDmTnv0OBLFfmSNLagUe5km51nUEzOQBFovY6YqUaogSJAMn14bv6 rMJQGS1Qqvky/eLbHQH85mNcNK8N0kc8R0AWr6rXp+n+1jpnSbV1y3EbeGkWL/21 dBFIUUbtMx4piV+A6ldh5Lps+88egVk4TuZMB/rOLqG488I1owqVd8r8xW8GzR47 9TJymN0BDtAsbl9uiGmkURKtIrxJJVNGSm7ZiE9pyvz2yGI0NJx8mg== =rYz7 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From lhaig at haigmail.com Tue Feb 7 14:52:38 2006 From: lhaig at haigmail.com (Lance Haig) Date: Tue Feb 7 14:52:40 2006 Subject: 4.50.14 possible bug In-Reply-To: References: <223f97700602070518h7d369b2fm@mail.gmail.com> <43E8ABA1.7040801@rogers.com> Message-ID: <43E8B436.6060105@haigmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 And I wanted to try and update my MS tonight :-) Have fun Lance Julian Field wrote: > Remind me in about 10 days about this, and I'll add a line so that > the last line of your output is not logged unless Log Speed is > switched on. > > I'm on holiday in 1.25 hours :-) > > On 7 Feb 2006, at 14:16, Gerry Doris wrote: > >>> Glenn Steen wrote: >>>> On 07/02/06, Ugo Bellavance wrote: >>>>> Hi, >>>>> >>>>> Even tough I have: >>>>> >>>>> Log Speed = no >>>>> >>>>> I get these in my logs: >>>>> >>>>> Feb 7 07:27:37 mta1 MailScanner[19403]: Batch processed in 36.65 >>>>> seconds >>>>> Feb 7 07:27:37 mta1 MailScanner[19403]: Logging message >>>>> k17COSFG019175 >>>>> to SQL >>>>> Feb 7 07:27:37 mta1 MailScanner[19403]: Logging message >>>>> k17CN0FG019106 >>>>> to SQL >>>>> Feb 7 07:27:37 mta1 MailScanner[19403]: "Always Looked Up Last" >>>>> took >>>>> 0.05 secon >>>>> ds >>>>> >>>>> I double-checked the setting and restarted twice... Is that normal? >>>>> >>>>> Regards, >>>>> >>>>> -- >>>>> Ugo >>>>> >>>>> -> Please don't send a copy of your reply by e-mail. I read the >>>>> list. >>>>> -> Please avoid top-posting, long signatures and HTML, and cut the >>>>> irrelevant parts in your replies. >>>>> >>>> Hi Ugo, >>>> There is/was an ongoing thread about this, that basically covers the >>>> why and how etc of this one. Executive summary is: Jeff wanted it, >>>> Jules liked the idea, and now we all get it. Some others rather >>>> didin't like it... So ... You are not alone ... (Me, I'm still on the >>>> fence:-). >>>> -- >>>> -- Glenn >>> Glenn is correct. The Log Speed setting doesn't affect the logging >>> of the items you mentioned. I'm not sure what it does stop??? >>> >>> In any case, if you don't want the speed logging then you'll need >>> to comment out the appropriate lines in MessageBatch.pm. >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFD6LQ2M4kHBIBZ61gRAmLIAJoDf6Lo5/gPvuP1LJe+pVKP95XYDACdFgZ1 14sgCBIjTCs4tf6fPQ/JXwk= =Fux9 -----END PGP SIGNATURE----- From mailscanner at lightpro.de Tue Feb 7 15:15:48 2006 From: mailscanner at lightpro.de (mailscanner@lightpro.de) Date: Tue Feb 7 15:15:59 2006 Subject: Global Rule for checking mails Message-ID: <1139325347.23424@lightpro1.lightpro.de> Hi! Is it possible to set a rule where I can configure if mailscanner checks mails from email adresses or not? We had mailscanner running with debian woody and after upgrading to sarge it seems that mailscanner checks every outgoing mail, if it's in the rules or not. The rules file looks like this: FromOrTo: *@domain1.de yes To: *@domain2.de yes To: *@domain3.de yes FromOrTo: default no For testing I've set the rule for domain1 to no but mailscanner checks mails coming or going to this adress... Hope you understand what I've wrote... :) Kind Regards, Ingo From alex at nkpanama.com Tue Feb 7 15:29:17 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Tue Feb 7 15:29:26 2006 Subject: sendmail greet_pause feature In-Reply-To: <86144ED6CE5B004DA23E1EAC0B569B580B0D3BCD@isabella.herefordshire.gov.uk> References: <86144ED6CE5B004DA23E1EAC0B569B580B0D3BCD@isabella.herefordshire.gov.uk> Message-ID: <43E8BCCD.2040803@nkpanama.com> We have about a half-dozen major ISP's in our country, and I usually will add their particular dialup-dsl-cable reverse dns domains (like, for example, .dslsubscriber.localisp.com) with a high (30s) delay, and default to something more sensible (8s) for everybody else except for trusted domains. That way, legitimate mail from legitimate SME's who happen to use their services will come through, and compromised machines will not. Speaking of SME's, greylisting also works extremely well, and is almost transparent when the delay is set to something small, like a minute. Speaking of which, it would be somewhat trivial for a programmer (IANAP, but I can try, in "bash" or something) to have a script that runs every minute, looks at /var/log/maillog, and inserts iptables rules blocking port 25 from IP's who have tried unsuccessfully more than a specific number of times in the last minute to send mail violating the rfc's, only to be unblocked after another specified interval. In very sloppy pseudocode it would be something like (again, IANAP): ------------------------ sleep till the next minute (or 60s, or whatever); for addresses in `grep the maillog for (time(now)-(time - 1min) | grep "pre-greeting" /var/log/maillog | cut -d \[ -f 3 | cut -f 1 -d \] | sort -u` do; store time (now) + separator + address in (database|textfile|whatever); exec ('iptables -A INPUT -p tcp --dport 25 -j DROP -s' + address); done; while not eof(database|textfile|whatever) do; read timerecord,address; if time(now) > timerecord+interval then exec ('iptables -D INPUT -p tcp --dport 25 -j DROP -s' + address); fi; done; -------------------------- Doable? Anyone? Randal, Phil wrote: > I've done that, it was more a cautionary note to others. > > greet_pause is currently catching about 10% of our incoming emails. > > Around 40% of our incoming mail was spam, so it helps. > > Cheers, > > Phil > > ---- > Phil Randal > Network Engineer > Herefordshire Council > Hereford, UK > > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >> Of Alex Neuman van der Hans >> Sent: 07 February 2006 13:22 >> To: MailScanner discussion >> Subject: Re: sendmail greet_pause feature >> >> Whitelist them using the access db (put their netblocks or >> domains on a, say, 3 second delay instead). >> >> Randal, Phil wrote: >> >>> Looking at the last couple of days' sendmail logs I'm finding a few >>> who really should know better falling foul of a greet_pause >>> >> 10 second delay: >> >>> ncsmtp02.partner.nspcc.org.uk >>> gateway.brent.gov.uk >>> >>> and these ISPs. Tut tut! >>> >>> various mx servers at mail.freeuk.net (mx0.mail.freeuk.net, mx1) >>> various mx servers at mail.uk.clara.net >>> >> (mx0.mail.uk.clara.net through >> >>> mx5) >>> store0.mail.uk.easynet.net >>> >>> Cheers, >>> >>> Phil >>> ---- >>> Phil Randal >>> Network Engineer >>> Herefordshire Council >>> Hereford, UK >>> >>> >>> >>>> -----Original Message----- >>>> From: mailscanner-bounces@lists.mailscanner.info >>>> [mailto:mailscanner-bounces@lists.mailscanner.info] On >>>> >> Behalf Of Will >> >>>> McDonald >>>> Sent: 07 February 2006 11:44 >>>> To: MailScanner discussion >>>> Subject: Re: sendmail greet_pause feature >>>> >>>> On 07/02/06, Roger Jochem wrote: >>>> >>>> >>>>> I just enabled the greet_pause im my sendmail. I'm seing a lot of >>>>> warnings in my maillog about messages being rejected >>>>> >>>>> >>>> becouse there was >>>> >>>> >>>>> a pre-greeting traffic. Is there some way I could see >>>>> >> what messages >> >>>>> were this rejected messages, just to be sure I'm not >>>>> >>>>> >>>> rejecting "good mail". >>>> >>>> Given what greet_pause is doing, and why, I doubt there's anyway >>>> you're going to get more than is already contained in the log >>>> message. >>>> >>>> Most of the rejections we've seen since enabling it last week have >>>> been >>>> >>>> * from IP addresses without reverse DNS >>>> * within dynamically assigned ranges (DSL, cable modems >>>> >> and the like) >> >>>> * from *.pl, *.ru, *.kr and other usually suspicious TLDs. >>>> >>>> Try something like... >>>> >>>> $ awk '/due to pre-greeting/ { print $10 }' >>>> >> /var/log/maillog | sort >> >>>> -u >>>> >>>> Have a scan through and the chances are it'll all be suspicious >>>> looking. And remember, even if the reverse lookup makes them look >>>> potentially legit, they're still trying to inject mail >>>> >> traffic before >> >>>> you've told them to, which should immediately raise concerns. >>>> >>>> Will. >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>>> >>>> >> -- >> >> Alex Neuman van der Hans >> N&K Technology Consultants >> Tel. +507 214-9002 - http://nkpanama.com/ >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ From PHachey at city.cornwall.on.ca Tue Feb 7 15:45:42 2006 From: PHachey at city.cornwall.on.ca (Philip Hachey) Date: Tue Feb 7 15:45:45 2006 Subject: MailScanner 4.50.15 problem: Scan Messages variable. Message-ID: In MailScanner.conf, I have the variable "Scan Messages" pointed to a ruleset. The "result values" are apparently ignored when two lines are matched. Below are various scenarios and the results. SCENARIO A: From: 127.0.0.1 no FromOrTo: default yes RESULTS A: Mail to any@domain.com from localhost => not scanned Mail to any@domain.com from external => scanned OK SCENARIO B: To: postmaster@domain.com no FromOrTo: default yes RESULTS B: Mail to postmaster@domain.com from localhost => not scanned Mail to postmaster@domain.com from external => not scanned Mail to anyother@domain.com from localhost => scanned Mail to anyother@domain.com from external => scanned OK SCENARIO C (the desired one): From: 127.0.0.1 no To: postmaster@domain.com no FromOrTo: default yes RESULTS C: Mail to postmaster@domain.com from localhost => SCANNED! Mail to postmaster@domain.com from external => not scanned Mail to anyother@domain.com from localhost => not scanned Mail to anyother@domain.com from external => scanned NOT OK I even tried adding the following to the ruleset: From: 127.0.0.1 and To: postmaster@domain.com no However, while it works if it's the only matching rule in the ruleset, as soon as I add either of the following lines, then none of them are triggered when mail is sent to postmaster@domain.com from localhost: From: 127.0.0.1 no To: postmaster@domain.com no Philip Hachey From HancockS at morganco.com Tue Feb 7 16:00:42 2006 From: HancockS at morganco.com (Hancock, Scott) Date: Tue Feb 7 16:00:56 2006 Subject: Max file depth rule syntax help. Message-ID: <7A6F9F7356141C42987075747C5B87D302764E6D@wmail.int.morganco.com> I want to allow zip files from an IP without scanning filename rules So that zips can be sent with dangerous content. Here are the relevant settings. The IP is a placeholder. MailScanner.conf Maximum Archive Depth = %rules-dir%/archive.depth.rules archive.depth.rules FromOrTo: 255.255.255.255 0 FromOrTo: default 2 syslog Config Error: Cannot match against destination IP address when resolving configuration option "maxzipdepth" It seems to me this follows the ruleset syntax. http://wiki.mailscanner.info/doku.php?id=documentation:configuration:rul esets:readme Thanks Scott From alex at nkpanama.com Tue Feb 7 16:04:18 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Tue Feb 7 16:04:26 2006 Subject: Max file depth rule syntax help. In-Reply-To: <7A6F9F7356141C42987075747C5B87D302764E6D@wmail.int.morganco.com> References: <7A6F9F7356141C42987075747C5B87D302764E6D@wmail.int.morganco.com> Message-ID: <43E8C502.5040806@nkpanama.com> Hancock, Scott wrote: > I want to allow zip files from an IP without scanning filename rules So > that zips can be sent with dangerous content. > > Here are the relevant settings. The IP is a placeholder. > > MailScanner.conf > Maximum Archive Depth = %rules-dir%/archive.depth.rules > > archive.depth.rules > FromOrTo: 255.255.255.255 0 > FromOrTo: default 2 > > syslog > Config Error: Cannot match against destination IP address when > resolving configuration option "maxzipdepth" > > > It seems to me this follows the ruleset syntax. > http://wiki.mailscanner.info/doku.php?id=documentation:configuration:rul > esets:readme > > It doesn't. You need "From:" IP, because MS can't tell the To: IP (MS isn't an MTA). > Thanks > > Scott > > > -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ From glenn.steen at gmail.com Tue Feb 7 16:15:15 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Feb 7 16:15:18 2006 Subject: 4.50.14 possible bug In-Reply-To: References: <223f97700602070518h7d369b2fm@mail.gmail.com> <43E8ABA1.7040801@rogers.com> Message-ID: <223f97700602070815s12f83c38h@mail.gmail.com> On 07/02/06, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > Remind me in about 10 days about this, and I'll add a line so that > the last line of your output is not logged unless Log Speed is > switched on. > > I'm on holiday in 1.25 hours :-) Much deserved, have a good one! -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From martinh at solid-state-logic.com Tue Feb 7 16:50:02 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Tue Feb 7 16:50:17 2006 Subject: Global Rule for checking mails In-Reply-To: <1139325347.23424@lightpro1.lightpro.de> Message-ID: <00ae01c62c06$8a90d010$3004010a@martinhlaptop> Hi Better to do this ip-based as spam/viruses fake the from domain to be the to domain etc.... Have a look at the "Scan Email" option MailScanner.conf -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of mailscanner@lightpro.de > Sent: 07 February 2006 15:16 > To: mailscanner@lists.mailscanner.info > Subject: Global Rule for checking mails > > Hi! > > Is it possible to set a rule where I can configure if mailscanner checks > mails from email adresses or not? > > We had mailscanner running with debian woody and after upgrading to sarge > it seems that mailscanner checks every outgoing mail, if it's in the rules > or not. > > The rules file looks like this: > > > FromOrTo: *@domain1.de yes > To: *@domain2.de yes > To: *@domain3.de yes > > FromOrTo: default no > > For testing I've set the rule for domain1 to no but mailscanner checks > mails coming or going to this adress... > > Hope you understand what I've wrote... :) > > Kind Regards, Ingo ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From HancockS at morganco.com Tue Feb 7 16:58:37 2006 From: HancockS at morganco.com (Hancock, Scott) Date: Tue Feb 7 16:58:52 2006 Subject: Max file depth rule syntax help. Message-ID: <7A6F9F7356141C42987075747C5B87D302764EE2@wmail.int.morganco.com> > > > > > It doesn't. You need "From:" IP, because MS can't tell the > To: IP (MS isn't an MTA). Thanks Alex. Scott From dmehler26 at woh.rr.com Tue Feb 7 17:19:29 2006 From: dmehler26 at woh.rr.com (Dave) Date: Tue Feb 7 17:28:23 2006 Subject: mailscanner and perdomain white and blacklists References: <003f01c62787$c3f61370$0200a8c0@satellite> <46930868-3367-42BE-91FD-75B47F99B677@ecs.soton.ac.uk> <002b01c6281b$79cb1c20$0200a8c0@satellite> <43E2414A.90901@ecs.soton.ac.uk> Message-ID: <004e01c62c0a$a8159680$0200a8c0@satellite> Hi Julian, Sorry about the long delay in getting back to you. I checked out CustomConfig.pm and if i'm reading it right what i have to do is set the "Is Definitely Spam" and "Is Definitely Spam" to point to a directory for white and blacklists. So say i want a whitelist for example1.com i would make a /etc/MailScanner/domains directory for all my domains and point ms to it. Then make a directory for example1.com and then a file spam.whitelists.conf adding in what i want. Put the blacklist in the same area. Before i let you know of my problem do i have this right so far? Checking the MS config on this box here's what is already in there for those values: Is Definitely Not Spam=%rules-dir%/spam.whitelist.rules. Is Definitely Spam=%rules-dir%/spam.blacklist.rules and those files exist with content. If i'm reading this right these whitelists and blacklists are applied globally and not per-user and per-domain? Thanks. Dave. ----- Original Message ----- From: "Julian Field" To: "MailScanner discussion" Sent: Thursday, February 02, 2006 12:28 PM Subject: Re: mailscanner and perdomain white and blacklists > There is code to do this in CustomConfig.pm in > /usr/lib/MailScanner/MailScanner. There is documentation in there that > will tell you how to enable the code and how to set everything up for it. > Look for the Per-Domain whitelist and blacklist code and you'll find it, > there is code in the same file for other add-on features as well. > > If you have trouble setting it up or getting it basically working, then > give me a shout (possibly on IRC) and I'll try to help where I can. > > It's not hard, you don't have to write any code or anything to make it all > work > :-) > > Dave wrote: >> Hi Julian, >> Thanks for your reply. I haven't had a moment yet to check out that >> boxes mailscanner.conf except except just a quick overview of the >> mta-specific settings. Can the spam whitelists and blacklists be used on >> a perdomain basis? For example, i've got domain1.com and domain2.com. The >> user at domain1.com wants a user added to his spam whitelist while the >> user at domain2.com wants a spammer added to his spam blacklist. Ideally >> i believe these users at domain 1 and 2 .com want independent lists. >> Thanks a lot. >> Dave. >> >> ----- Original Message ----- From: "Julian Field" >> >> To: "MailScanner discussion" >> Sent: Thursday, February 02, 2006 4:09 AM >> Subject: Re: mailscanner and perdomain white and blacklists >> >> >>> -----BEGIN PGP SIGNED MESSAGE----- >>> >>> On 1 Feb 2006, at 23:32, Dave wrote: >>> >>>> Hello, >>>> I've got a mailscanner install with sendmail. It's working fine >>>> and it's working for multiple users. Now i'm getting requests from >>>> user a to add a username/domain to a blacklist file and user b to >>>> add another username/domain to a whitelist file. These i'm thinking >>>> should be separate as they are separate domains. This is on an fc4 >>>> box. Is this doable, any help appreciated. >>>> Thanks. >>>> Dave. >>> >>> Blacklist or whitelist in what sense? You basically just need a >>> couple of rulesets, one for your blacklist and one for your >>> whitelist. There is already a spam.whitelist.rules which you can use >>> as a sample from which to create and use a spam.blacklist.rules file. >>> Look in MailScanner.conf for spam.whitelist.rules and you will see >>> how to refer a setting to a rules file. >>> - -- Julian Field >>> www.MailScanner.info >>> Buy the MailScanner book at www.MailScanner.info/store >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> >>> >>> -----BEGIN PGP SIGNATURE----- >>> Version: PGP Desktop 9.0.4 (Build 4042) >>> >>> iQEVAwUBQ+HMSPw32o+k+q+hAQFcjgf/b7C67K+nPF2k5yRxvHN4rmRhxSQuV+Eo >>> ALqzDcgMPMNSnHGBTC2S0C+XPgzx0Fa3RIMzw7vMIHDuL6O5Gme4C2Hco4B6+taX >>> vKISOpZ3mWI0HVWPYfytXBZwCBYG0MJBrIXDOr5pH/+R2HRxfQ0UGRkt63nojNiH >>> D668v55qOGNMjxGx0JR9qLJNQhxtFaGMBvmZ8D5j74B1H+UX/yhL15hXgvST1lyO >>> rQgiX+Fmc4ZIFhgc6G362AC5iSIh2ebXrYnyo9mt2Jdzu2KTScZjR7A0xKiPWOf5 >>> uVmaHMRFV8TVe+068DKrdpnT0l9BDGuwW1aFznE5vAk2hCL3rz6jTA== >>> =2N0u >>> -----END PGP SIGNATURE----- >>> >>> -- >>> This message has been scanned for viruses and >>> dangerous content by MailScanner, and is >>> believed to be clean. >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >> > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From dhawal at netmagicsolutions.com Tue Feb 7 17:49:35 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Tue Feb 7 17:49:23 2006 Subject: mailscanner and perdomain white and blacklists In-Reply-To: <004e01c62c0a$a8159680$0200a8c0@satellite> References: <003f01c62787$c3f61370$0200a8c0@satellite> <46930868-3367-42BE-91FD-75B47F99B677@ecs.soton.ac.uk> <002b01c6281b$79cb1c20$0200a8c0@satellite> <43E2414A.90901@ecs.soton.ac.uk> <004e01c62c0a$a8159680$0200a8c0@satellite> Message-ID: <43E8DDAF.1050109@netmagicsolutions.com> Dave wrote: > Hi Julian, > Sorry about the long delay in getting back to you. I checked out > CustomConfig.pm and if i'm reading it right what i have to do is set the > "Is Definitely Spam" and "Is Definitely Spam" to point to a directory Umm no.. the directory pointing is already done. egrep '^my \$BlacklistDir|^my \$WhitelistDir' CustomConfig.pm You need to point 'Is Definitely Not Spam' and 'Is Definitely Spam' to a function.. '&ByDomainSpamWhitelist' and '&ByDomainSpamBlacklist' to be precise.. Now create the directories as defined in CustomConfig.pm.. typically /etc/MailScanner/spam.bydomain/whitelist /etc/MailScanner/spam.bydomain/blacklist A file named 'default' will be the global (server-wide) list, 'domain.tld' will the domain specific list and 'user@domain.tld' will be the user specific list. 'default', 'domain.tld' and 'user@domain.tld' can exist in both directories as per your requirements. The content of 'default', 'domain.tld' and 'user@domain.tld' can be a mix of domains, email-addresses and ip-addresses (one per line). Once you have it working, also look at the 'Definite Spam Is High Scoring' option. Hope it is clear now :-) - dhawal > for white and blacklists. So say i want a whitelist for example1.com i > would make a /etc/MailScanner/domains directory for all my domains and > point ms to it. Then make a directory for example1.com and then a file > spam.whitelists.conf adding in what i want. Put the blacklist in the > same area. Before i let you know of my problem do i have this right so > far? Checking the MS config on this box here's what is already in there > for those values: > > Is Definitely Not Spam=%rules-dir%/spam.whitelist.rules. > Is Definitely Spam=%rules-dir%/spam.blacklist.rules > > and those files exist with content. If i'm reading this right these > whitelists and blacklists are applied globally and not per-user and > per-domain? > Thanks. > Dave. > > ----- Original Message ----- From: "Julian Field" > > To: "MailScanner discussion" > Sent: Thursday, February 02, 2006 12:28 PM > Subject: Re: mailscanner and perdomain white and blacklists > > >> There is code to do this in CustomConfig.pm in >> /usr/lib/MailScanner/MailScanner. There is documentation in there that >> will tell you how to enable the code and how to set everything up for >> it. Look for the Per-Domain whitelist and blacklist code and you'll >> find it, there is code in the same file for other add-on features as >> well. >> >> If you have trouble setting it up or getting it basically working, >> then give me a shout (possibly on IRC) and I'll try to help where I can. >> >> It's not hard, you don't have to write any code or anything to make it >> all work >> :-) >> >> Dave wrote: >>> Hi Julian, >>> Thanks for your reply. I haven't had a moment yet to check out >>> that boxes mailscanner.conf except except just a quick overview of >>> the mta-specific settings. Can the spam whitelists and blacklists be >>> used on a perdomain basis? For example, i've got domain1.com and >>> domain2.com. The user at domain1.com wants a user added to his spam >>> whitelist while the user at domain2.com wants a spammer added to his >>> spam blacklist. Ideally i believe these users at domain 1 and 2 .com >>> want independent lists. >>> Thanks a lot. >>> Dave. >>> >>> ----- Original Message ----- From: "Julian Field" >>> >>> To: "MailScanner discussion" >>> Sent: Thursday, February 02, 2006 4:09 AM >>> Subject: Re: mailscanner and perdomain white and blacklists >>> >>> >>>> -----BEGIN PGP SIGNED MESSAGE----- >>>> >>>> On 1 Feb 2006, at 23:32, Dave wrote: >>>> >>>>> Hello, >>>>> I've got a mailscanner install with sendmail. It's working fine >>>>> and it's working for multiple users. Now i'm getting requests from >>>>> user a to add a username/domain to a blacklist file and user b to >>>>> add another username/domain to a whitelist file. These i'm thinking >>>>> should be separate as they are separate domains. This is on an fc4 >>>>> box. Is this doable, any help appreciated. >>>>> Thanks. >>>>> Dave. >>>> >>>> Blacklist or whitelist in what sense? You basically just need a >>>> couple of rulesets, one for your blacklist and one for your >>>> whitelist. There is already a spam.whitelist.rules which you can use >>>> as a sample from which to create and use a spam.blacklist.rules file. >>>> Look in MailScanner.conf for spam.whitelist.rules and you will see >>>> how to refer a setting to a rules file. >>>> - -- Julian Field From rgreen at trayerproducts.com Tue Feb 7 18:08:21 2006 From: rgreen at trayerproducts.com (Rodney Green) Date: Tue Feb 7 18:08:40 2006 Subject: OT: Shell Script Message-ID: <43E8E215.4060702@trayerproducts.com> Hello, In a shell script, does the command specified on one line wait until the previous line's command finishes before running? I've looked at a few tutorials but didn't find anything. I'm attempting to run a mail archiving script that has to be run for each mail archive file. I don't want them to all run at the same time as that would probably overload the system. Thanks, Rod -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From michele at blacknight.ie Tue Feb 7 18:19:47 2006 From: michele at blacknight.ie (Michele Neylon :: Blacknight Solutions) Date: Tue Feb 7 18:19:50 2006 Subject: Shell Script In-Reply-To: <43E8E215.4060702@trayerproducts.com> Message-ID: <038a01c62c13$14da7620$453711d4@arthur> Rodney Green <> said on 07 February 2006 18:08: > Hello, > > In a shell script, does the command specified on one line wait until > the previous line's command finishes before running? I've looked at a > few tutorials but didn't find anything. I'm attempting to run a mail > archiving script that has to be run for each mail archive file. I > don't want them to all run at the same time as that would probably > overload the system. > Rod I'm not 100% sure, but if you put a semi-colon between commands it will execute them in sequence Michele PS: We've extended our IE domain offer for the month of February! Mr Michele Neylon Blacknight Solutions Hosting & Colocation, Brand Protection http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 UK: 0870 163 0607 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 From john at jolet.net Tue Feb 7 18:19:42 2006 From: john at jolet.net (John Jolet) Date: Tue Feb 7 18:19:55 2006 Subject: OT: Shell Script In-Reply-To: <43E8E215.4060702@trayerproducts.com> References: <43E8E215.4060702@trayerproducts.com> Message-ID: <07D007AC-88D5-4B3B-ACF5-21CCB64B76E4@jolet.net> On Feb 7, 2006, at 12:08 PM, Rodney Green wrote: > > Hello, > > In a shell script, does the command specified on one line wait > until the previous line's command finishes before running? I've > looked at a few tutorials but didn't find anything. I'm attempting > to run a mail archiving script that has to be run for each mail > archive file. I don't want them to all run at the same time as that > would probably overload the system. > yes. it's as if you were sitting there typing the commands. unless the line is terminated with & > Thanks, > Rod > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From sailer at bnl.gov Tue Feb 7 18:21:56 2006 From: sailer at bnl.gov (Tim Sailer) Date: Tue Feb 7 18:22:08 2006 Subject: OT: Shell Script In-Reply-To: <43E8E215.4060702@trayerproducts.com> References: <43E8E215.4060702@trayerproducts.com> Message-ID: <20060207182156.GA26518@bnl.gov> On Tue, Feb 07, 2006 at 01:08:21PM -0500, Rodney Green wrote: > > Hello, > > In a shell script, does the command specified on one line wait until the > previous line's command finishes before running? I've looked at a few > tutorials but didn't find anything. I'm attempting to run a mail > archiving script that has to be run for each mail archive file. I don't > want them to all run at the same time as that would probably overload > the system. That depends on the command. Some commands daemonize (run in the background) when you run them. Most do not, by default. You can use something like: #!/bin/sh cd /var/spool/mail for file in `echo *` do archive.cmd $file done Tim -- Tim Sailer Information and Special Technologies Program Northeast Regional Counterintelligence Office Brookhaven National Laboratory (631) 344-3001 From rgreen at trayerproducts.com Tue Feb 7 18:40:35 2006 From: rgreen at trayerproducts.com (Rodney Green) Date: Tue Feb 7 18:41:16 2006 Subject: OT: Shell Script In-Reply-To: <20060207182156.GA26518@bnl.gov> References: <43E8E215.4060702@trayerproducts.com> <20060207182156.GA26518@bnl.gov> Message-ID: <43E8E9A3.4090803@trayerproducts.com> An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060207/1bc47fe6/attachment-0001.html From listacct at tulsaconnect.com Tue Feb 7 19:38:31 2006 From: listacct at tulsaconnect.com (TCIS List Acct) Date: Tue Feb 7 19:38:25 2006 Subject: More 4.50.15 woes on FreeBSD In-Reply-To: <7473B3C6-CEF8-47A4-B391-250DC8C5CC45@ecs.soton.ac.uk> References: <43E77B62.20805@tulsaconnect.com> <43E77E8F.5000300@ecs.soton.ac.uk> <43E79185.90401@tulsaconnect.com> <43E7D430.2010006@tulsaconnect.com> <43E813CE.7020904@tulsaconnect.com> <43E8A37B.6020608@tulsaconnect.com> <7473B3C6-CEF8-47A4-B391-250DC8C5CC45@ecs.soton.ac.uk> Message-ID: <43E8F737.4060100@tulsaconnect.com> Julian Field wrote: >> I'm running exim 4.34-0 on FreeBSD 4.9. With that in mind, should >> I edit the line to say: >> >> if (MailScanner::Config::Value('mta') =~ /exim|postfix/i) { > > No, you should do the exact opposite, so you want /sendmail|postfix/i) { > - -- FWIW, this was on line # 1394 in my Message.pm. I've made the change and will let you know the results. Is there any specific Perl modules that need to be updated with 4.50.15 that I might have missed since I don't install from the RPM or install.sh? -- ----------------------------------------- Mike Bacher / listacct@tulsaconnect.com TCIS - TulsaConnect Internet Services http://www.tulsaconnect.com ----------------------------------------- From Cleveland at winnefox.org Tue Feb 7 20:05:13 2006 From: Cleveland at winnefox.org (Jody Cleveland) Date: Tue Feb 7 20:00:11 2006 Subject: Outlook Rich Text Format messages - how to let through? Message-ID: <9720CA43F755A148BF65B6618B90CB94126239@magneto.wals.local> I'm running MailScanner ver. 4.50.15 on a redhat 4.0AS server that then routes to an exchange 2003 server. I recently upgraded to this version of MailScanner, and I'm noticing these reports from the quarantine: MailScanner: No Outlook Rich Text Format messages due to security hole, use HTML instead (msg-2611-3.txt) So, I did some research, and set Deliver Unparsable TNEF to yes. But, I'm still getting those notices. Is there another setting I'm missing? - jody From jeff at dynamictelecard.com Tue Feb 7 20:06:20 2006 From: jeff at dynamictelecard.com (Jeff Davis) Date: Tue Feb 7 20:06:54 2006 Subject: Problem with new MS 4.50.14 install Message-ID: <43E8FDBC.1010801@dynamictelecard.com> Can someone point me in the right direction? I have a fresh install of Postfix 2.1.5, MailScanner 4.50.14, and the SA-ClamAV package ( ClamAV .88, SA 3.1.0) The problem is when I start up MailScanner I see some config continuously looping in the maillog and the incoming/outgoing messages just sit in the hold queue. The initial MS install went off quite well. Postfix worked before Mailscanner install. ...and if I shut MailScanner off postfix still works, although I have to push the files through due to the HOLD header check. I followed the directions for a postfix config and change the Run As user and group to postfix, and I've set my Incoming Queue Dir = /var/spool/postfix/hold and Outgoing Queue Dir = /var/spool/postfix/incoming I chown'd my MailScanner dirs: drwx------ 2 postfix postfix 4096 Feb 7 11:48 incoming drwx------ 2 postfix postfix 4096 Feb 1 17:38 quarantine Have I missed something obvious in the MailScanner config? Thanks for any assistance you can provide. Log snippet> Feb 7 14:49:51 mta MailScanner[27675]: MailScanner E-Mail Virus Scanner version 4.50.14 starting... Feb 7 14:49:52 mta MailScanner[27675]: Read 701 hostnames from the phishing whitelist Feb 7 14:49:52 mta MailScanner[27675]: Config: calling custom init function SQLBlacklist Feb 7 14:49:52 mta MailScanner[27675]: Starting up SQL Blacklist Feb 7 14:49:52 mta MailScanner[27675]: Read 0 blacklist entries Feb 7 14:49:52 mta MailScanner[27675]: Config: calling custom init function MailWatchLogging Feb 7 14:49:52 mta MailScanner[27675]: Started SQL Logging child Feb 7 14:49:52 mta MailScanner[27675]: Config: calling custom init function SQLWhitelist Feb 7 14:49:52 mta MailScanner[27675]: Starting up SQL Whitelist Feb 7 14:49:52 mta MailScanner[27675]: Read 0 whitelist entries Feb 7 14:49:52 mta MailScanner[27675]: Using SpamAssassin results cache Feb 7 14:49:52 mta MailScanner[27675]: Connected to SpamAssassin cache database Feb 7 14:50:02 mta MailScanner[27681]: MailScanner E-Mail Virus Scanner version 4.50.14 starting... Feb 7 14:50:03 mta MailScanner[27681]: Read 701 hostnames from the phishing whitelist Feb 7 14:50:03 mta MailScanner[27681]: Config: calling custom init function SQLBlacklist Feb 7 14:50:03 mta MailScanner[27681]: Starting up SQL Blacklist Feb 7 14:50:03 mta MailScanner[27681]: Read 0 blacklist entries Feb 7 14:50:03 mta MailScanner[27681]: Config: calling custom init function MailWatchLogging Feb 7 14:50:03 mta MailScanner[27681]: Started SQL Logging child Feb 7 14:50:03 mta MailScanner[27681]: Config: calling custom init function SQLWhitelist Feb 7 14:50:03 mta MailScanner[27681]: Starting up SQL Whitelist Feb 7 14:50:03 mta MailScanner[27681]: Read 0 whitelist entries Feb 7 14:50:03 mta MailScanner[27681]: Using SpamAssassin results cache Feb 7 14:50:03 mta MailScanner[27681]: Connected to SpamAssassin cache database Feb 7 14:50:13 mta MailScanner[27720]: MailScanner E-Mail Virus Scanner version 4.50.14 starting... Feb 7 14:50:14 mta MailScanner[27720]: Read 701 hostnames from the phishing whitelist Feb 7 14:50:14 mta MailScanner[27720]: Config: calling custom init function SQLBlacklist Feb 7 14:50:14 mta MailScanner[27720]: Starting up SQL Blacklist Feb 7 14:50:14 mta MailScanner[27720]: Read 0 blacklist entries Feb 7 14:50:14 mta MailScanner[27720]: Config: calling custom init function MailWatchLogging Feb 7 14:50:14 mta MailScanner[27720]: Started SQL Logging child Feb 7 14:50:14 mta MailScanner[27720]: Config: calling custom init function SQLWhitelist Feb 7 14:50:14 mta MailScanner[27720]: Starting up SQL Whitelist Feb 7 14:50:14 mta MailScanner[27720]: Read 0 whitelist entries Feb 7 14:50:14 mta MailScanner[27720]: Using SpamAssassin results cache Feb 7 14:50:14 mta MailScanner[27720]: Connected to SpamAssassin cache database From Denis.Beauchemin at USherbrooke.ca Tue Feb 7 20:07:56 2006 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Tue Feb 7 20:08:11 2006 Subject: Outlook Rich Text Format messages - how to let through? In-Reply-To: <9720CA43F755A148BF65B6618B90CB94126239@magneto.wals.local> References: <9720CA43F755A148BF65B6618B90CB94126239@magneto.wals.local> Message-ID: <43E8FE1C.6010707@USherbrooke.ca> Jody Cleveland wrote: >I'm running MailScanner ver. 4.50.15 on a redhat 4.0AS server that then >routes to an exchange 2003 server. I recently upgraded to this version >of MailScanner, and I'm noticing these reports from the quarantine: > >MailScanner: No Outlook Rich Text Format messages due to security hole, >use HTML instead (msg-2611-3.txt) > >So, I did some research, and set Deliver Unparsable TNEF to yes. > >But, I'm still getting those notices. Is there another setting I'm >missing? > >- jody > > Jody, What you're looking for is: filetype.rules.conf:deny Transport Neutral Encapsulation Format Windows security vulnerability No Outlook Rich Text Format messages due to security hole, use HTML instead Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3226 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060207/9ff7920c/smime.bin From listacct at tulsaconnect.com Tue Feb 7 20:56:54 2006 From: listacct at tulsaconnect.com (TCIS List Acct) Date: Tue Feb 7 20:56:53 2006 Subject: More 4.50.15 woes on FreeBSD In-Reply-To: <43E8F737.4060100@tulsaconnect.com> References: <43E77B62.20805@tulsaconnect.com> <43E77E8F.5000300@ecs.soton.ac.uk> <43E79185.90401@tulsaconnect.com> <43E7D430.2010006@tulsaconnect.com> <43E813CE.7020904@tulsaconnect.com> <43E8A37B.6020608@tulsaconnect.com> <7473B3C6-CEF8-47A4-B391-250DC8C5CC45@ecs.soton.ac.uk> <43E8F737.4060100@tulsaconnect.com> Message-ID: <43E90996.5080104@tulsaconnect.com> TCIS List Acct wrote: > FWIW, this was on line # 1394 in my Message.pm. > > I've made the change and will let you know the results. > > Is there any specific Perl modules that need to be updated with 4.50.15 > that I might have missed since I don't install from the RPM or install.sh? > Ok, made the change, ran for about an hour, same results. Here is a ps -aux | grep MailScanner (hopefully the formatting doesn't get mangled): last pid: 24191; load averages: 45.37, 39.75, 41.22 up 63+23:05:33 14:54:19 228 processes: 62 running, 129 sleeping, 37 zombie CPU states: 45.1% user, 0.0% nice, 54.8% system, 0.1% interrupt, 0.0% idle Mem: 1487M Active, 149M Inact, 300M Wired, 22M Cache, 199M Buf, 51M Free Swap: 2048M Total, 652M Used, 1396M Free, 31% Inuse, 5064K In, 396K Out $ ps -aux | grep MailScanner root 13990 25.0 0.1 46872 2048 ?? S 2:47PM 0:07.86 MailScanner: checking with Spam Lists (perl) root 22514 21.2 1.5 51308 31956 ?? R 2:53PM 0:01.68 MailScanner: checking with SpamAssassin (perl) root 22367 11.5 1.2 49488 26076 ?? R 2:53PM 0:01.30 MailScanner: checking with SpamAssassin (perl) root 22329 11.6 1.6 50092 32468 ?? R 2:53PM 0:01.69 MailScanner: checking with SpamAssassin (perl) root 22262 8.2 1.5 50764 31436 ?? R 2:53PM 0:01.67 MailScanner: checking with SpamAssassin (perl) root 22644 9.5 1.0 49592 21256 ?? R 2:53PM 0:00.34 MailScanner: checking with SpamAssassin (perl) root 22632 9.7 1.5 49464 32396 ?? R 2:53PM 0:00.43 MailScanner: checking with SpamAssassin (perl) root 21919 6.9 1.4 52096 28440 ?? R 2:53PM 0:02.03 MailScanner: checking with SpamAssassin (perl) root 88947 7.2 0.3 50224 6808 ?? S 1:46PM 1:36.71 MailScanner: checking with SpamAssassin (perl) root 22434 5.1 1.3 50476 28144 ?? R 2:53PM 0:00.75 MailScanner: checking with SpamAssassin (perl) root 22635 4.8 1.0 49596 21188 ?? Rs 2:53PM 0:00.24 MailScanner: checking with Spam Lists (perl) root 89972 4.7 0.8 50288 16500 ?? R 1:47PM 1:38.56 MailScanner: finishing batch (perl) root 22387 2.8 1.5 50228 32276 ?? R 2:53PM 0:00.51 MailScanner: checking with SpamAssassin (perl) root 50161 3.7 1.1 49708 22044 ?? S 2:15PM 0:36.65 MailScanner: checking with Spam Lists (perl) root 50530 2.7 1.1 50360 22500 ?? S 2:15PM 0:34.22 MailScanner: checking with Spam Lists (perl) root 22579 2.6 1.3 48704 28140 ?? Rs 2:53PM 0:00.21 MailScanner: checking with Spam Lists (perl) root 51209 3.0 0.1 49612 1632 ?? R 2:16PM 0:34.26 MailScanner: checking with SpamAssassin (perl) root 51486 1.9 0.7 49640 14952 ?? D 2:16PM 0:34.03 MailScanner: dangerous content scanning (perl) root 21828 3.1 1.1 31004 23212 ?? R 2:52PM 0:01.36 MailScanner: starting child (perl) root 22590 3.7 1.4 49872 29868 ?? Rs 2:53PM 0:00.24 MailScanner: checking with Spam Lists (perl) root 13760 2.1 1.1 49120 23020 ?? R 2:46PM 0:07.82 MailScanner: waiting for messages (perl) root 22512 3.0 1.2 46352 24656 ?? R 2:53PM 0:00.31 MailScanner: checking with SpamAssassin (perl) root 18131 2.8 0.4 46056 7800 ?? S 2:49PM 0:06.54 MailScanner: checking with SpamAssassin (perl) root 22536 1.7 1.2 48800 25648 ?? Rs 2:53PM 0:00.13 MailScanner: checking with Spam Lists (perl) root 22610 1.5 1.2 50240 25900 ?? Rs 2:53PM 0:00.13 MailScanner: checking with Spam Lists (perl) root 20286 1.3 1.1 49776 22124 ?? R 2:01PM 0:57.23 MailScanner: extracting attachments (perl) root 17904 1.6 0.4 48808 8460 ?? R 2:49PM 0:06.89 MailScanner: checking with Spam Lists (perl) root 90560 1.7 1.0 49784 20604 ?? S 1:47PM 1:36.41 MailScanner: checking with SpamAssassin (perl) root 51829 1.8 1.0 49664 21204 ?? S 2:16PM 0:30.95 MailScanner: checking with SpamAssassin (perl) root 18334 1.2 1.1 46164 23680 ?? S 2:49PM 0:06.20 MailScanner: checking with Spam Lists (perl) root 83514 1.4 1.1 49464 23432 ?? S 2:31PM 0:21.82 MailScanner: checking with SpamAssassin (perl) root 22662 1.0 0.0 608 192 ?? Rs 2:53PM 0:00.01 /bin/sh /opt/MailScanner/lib/f-prot-wrapper /usr/local/f-prot -old root 50863 0.9 1.1 49560 22096 ?? S 2:15PM 0:34.77 MailScanner: checking with Spam Lists (perl) root 52140 0.4 1.1 49648 22880 ?? S 2:16PM 0:33.93 MailScanner: virus scanning (perl) root 80572 0.0 0.0 16600 0 ?? IWs - 0:00.00 MailScanner: master waiting for children, sleeping (perl) root 80600 0.0 0.3 49340 7172 ?? S 2:30PM 0:18.72 MailScanner: checking with SpamAssassin (perl) root 80966 0.0 1.0 49620 20076 ?? S 2:30PM 0:18.43 MailScanner: checking with SpamAssassin (perl) root 81312 0.0 0.0 49548 0 ?? SW - 0:00.00 MailScanner: checking with Spam Lists (perl) root 81666 0.0 0.0 49628 0 ?? SW - 0:00.00 MailScanner: checking with Spam Lists (perl) root 82049 0.0 0.0 47388 0 ?? SW - 0:00.00 MailScanner: checking with Spam Lists (perl) root 82406 0.0 0.4 49412 9100 ?? S 2:30PM 0:16.21 MailScanner: checking with SpamAssassin (perl) root 82726 0.0 0.0 49292 0 ?? SW - 0:00.00 MailScanner: checking with Spam Lists (perl) root 83025 0.0 0.5 49588 9468 ?? S 2:31PM 0:18.75 MailScanner: checking with SpamAssassin (perl) root 83398 0.6 1.1 49572 23232 ?? S 2:31PM 0:21.42 MailScanner: checking with SpamAssassin (perl) root 11719 0.0 0.0 16600 0 ?? SWs - 0:00.00 MailScanner: starting child (perl) root 11734 0.0 0.0 49596 0 ?? SW - 0:00.00 MailScanner: checking with Spam Lists (perl) root 12227 0.0 0.0 49628 0 ?? SW - 0:00.00 MailScanner: checking with Spam Lists (perl) root 12319 0.0 0.0 48800 0 ?? SW - 0:00.00 MailScanner: checking with Spam Lists (perl) root 12715 0.0 0.4 47464 9256 ?? S 2:46PM 0:05.81 MailScanner: checking with Spam Lists (perl) root 12986 0.0 0.0 48864 0 ?? SW - 0:00.00 MailScanner: checking with Spam Lists (perl) root 13570 0.0 0.0 48728 0 ?? SW - 0:00.00 MailScanner: checking with Spam Lists (perl) root 14598 0.0 0.0 48704 0 ?? SW - 0:00.00 MailScanner: checking with Spam Lists (perl) root 17575 0.0 0.5 48824 11124 ?? S 2:49PM 0:05.84 MailScanner: checking with SpamAssassin (perl) root 17719 0.0 0.0 48560 0 ?? SW - 0:00.00 MailScanner: checking with Spam Lists (perl) root 22305 0.0 0.0 632 0 ?? SWs - 0:00.00 /bin/sh /opt/MailScanner/lib/kaspersky-wrapper /usr/local/kav -i0 . root 22457 0.8 1.4 49628 28916 ?? Rs 2:53PM 0:00.14 MailScanner: checking with Spam Lists (perl) root 22492 0.3 1.0 49628 20376 ?? Rs 2:53PM 0:00.09 MailScanner: checking with Spam Lists (perl) root 22513 0.4 1.0 47388 20472 ?? Rs 2:53PM 0:00.09 MailScanner: checking with Spam Lists (perl) root 22523 0.0 0.9 49756 18156 ?? Rs 2:53PM 0:00.04 MailScanner: checking with Spam Lists (perl) root 22525 0.0 0.7 49788 14868 ?? Rs 2:53PM 0:00.04 MailScanner: checking with Spam Lists (perl) root 22529 0.2 1.2 50168 24252 ?? Rs 2:53PM 0:00.08 MailScanner: checking with Spam Lists (perl) root 22542 0.0 0.4 49548 8868 ?? Rs 2:53PM 0:00.02 MailScanner: checking with Spam Lists (perl) root 22544 0.4 1.1 49784 23916 ?? R 2:53PM 0:00.08 MailScanner: checking with SpamAssassin (perl) root 22552 0.2 0.4 49292 8152 ?? Rs 2:53PM 0:00.05 MailScanner: checking with Spam Lists (perl) root 22555 0.9 1.1 48728 23516 ?? Rs 2:53PM 0:00.11 MailScanner: checking with Spam Lists (perl) root 22569 0.0 1.1 49560 22304 ?? Rs 2:53PM 0:00.01 MailScanner: checking with Spam Lists (perl) root 22593 0.0 1.1 49664 23944 ?? R 2:53PM 0:00.05 MailScanner: checking with SpamAssassin (perl) root 22601 0.7 1.0 48560 21500 ?? Rs 2:53PM 0:00.05 MailScanner: checking with Spam Lists (perl) root 22607 0.0 0.9 50288 18484 ?? R 2:53PM 0:00.03 MailScanner: cleaning messages (perl) root 22611 0.0 0.7 49700 13728 ?? R 2:53PM 0:00.01 MailScanner: extracting attachments (perl) root 22612 0.0 1.1 46164 23780 ?? Rs 2:53PM 0:00.01 MailScanner: checking with Spam Lists (perl) root 22621 0.0 1.1 50360 22868 ?? Rs 2:53PM 0:00.01 MailScanner: checking with Spam Lists (perl) root 22626 0.0 1.1 49708 22136 ?? Rs 2:53PM 0:00.02 MailScanner: checking with Spam Lists (perl) root 22629 0.0 0.7 49748 14856 ?? R 2:53PM 0:00.01 MailScanner: extracting attachments (perl) root 22631 0.0 1.1 49776 22736 ?? R 2:53PM 0:00.02 MailScanner: extracting attachments (perl) root 22637 0.0 0.6 48824 12704 ?? R 2:53PM 0:00.01 MailScanner: checking with SpamAssassin (perl) root 22638 0.0 0.5 47464 9500 ?? Ss 2:53PM 0:00.01 MailScanner: checking with Spam Lists (perl) root 22654 0.0 1.0 49684 20944 ?? Rs 2:53PM 0:00.01 MailScanner: checking with Spam Lists (perl) root 22657 0.0 0.4 48808 9072 ?? Ss 2:53PM 0:00.01 MailScanner: checking with Spam Lists (perl) root 22669 0.0 0.3 50224 6800 ?? R 2:53PM 0:00.00 MailScanner: checking with SpamAssassin (perl) root 88870 0.0 0.0 16628 0 ?? IWs - 0:00.00 MailScanner: starting child (perl) root 89391 0.6 1.1 49992 22972 ?? S 1:46PM 1:37.38 MailScanner: checking with SpamAssassin (perl) root 89692 0.0 0.0 50168 0 ?? SW - 0:00.00 MailScanner: checking with Spam Lists (perl) root 90868 0.1 1.3 50144 26224 ?? R 1:47PM 1:32.64 MailScanner: virus scanning (perl) root 91199 0.0 0.0 50240 0 ?? SW - 0:00.00 MailScanner: checking with Spam Lists (perl) root 91595 0.0 0.4 50512 8956 ?? I 1:47PM 1:30.10 MailScanner: checking with SpamAssassin (perl) root 17807 0.0 0.0 16600 0 ?? IWs - 0:00.00 MailScanner: starting child (perl) root 17809 0.0 0.0 49788 0 ?? SW - 0:00.00 MailScanner: checking with Spam Lists (perl) root 18448 0.0 0.0 49756 0 ?? SW - 0:00.00 MailScanner: checking with Spam Lists (perl) root 19151 0.0 0.5 49696 9520 ?? R 2:00PM 0:53.65 MailScanner: checking with Spam Lists (perl) root 19634 0.5 1.0 50240 20636 ?? S 2:00PM 0:58.49 MailScanner: checking with SpamAssassin (perl) root 19953 0.7 0.6 49700 13340 ?? R 2:01PM 0:54.88 MailScanner: extracting attachments (perl) root 20603 0.7 0.7 49748 14584 ?? R 2:01PM 0:54.23 MailScanner: extracting attachments (perl) root 49049 0.0 0.0 16600 0 ?? IWs - 0:00.00 MailScanner: master waiting for children, sleeping (perl) root 49059 0.0 0.4 50044 8408 ?? R 2:15PM 0:35.02 MailScanner: checking with Spam Lists (perl) root 49394 0.0 0.0 49872 0 ?? SW - 0:00.00 MailScanner: checking with Spam Lists (perl) root 49836 0.9 1.0 49684 20584 ?? R 2:15PM 0:35.39 MailScanner: checking with Spam Lists (perl) -- ----------------------------------------- Mike Bacher / listacct@tulsaconnect.com TCIS - TulsaConnect Internet Services http://www.tulsaconnect.com ----------------------------------------- From root at doctor.nl2k.ab.ca Tue Feb 7 21:04:00 2006 From: root at doctor.nl2k.ab.ca (Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem) Date: Tue Feb 7 21:04:53 2006 Subject: Outlook Rich Text Format messages - how to let through? In-Reply-To: <43E8FE1C.6010707@USherbrooke.ca> References: <9720CA43F755A148BF65B6618B90CB94126239@magneto.wals.local> <43E8FE1C.6010707@USherbrooke.ca> Message-ID: <20060207210400.GH25264@doctor.nl2k.ab.ca> On Tue, Feb 07, 2006 at 03:07:56PM -0500, Denis Beauchemin wrote: > Jody Cleveland wrote: > > >I'm running MailScanner ver. 4.50.15 on a redhat 4.0AS server that then > >routes to an exchange 2003 server. I recently upgraded to this version > >of MailScanner, and I'm noticing these reports from the quarantine: > > > >MailScanner: No Outlook Rich Text Format messages due to security hole, > >use HTML instead (msg-2611-3.txt) > > > >So, I did some research, and set Deliver Unparsable TNEF to yes. > > > >But, I'm still getting those notices. Is there another setting I'm > >missing? > > > >- jody > > > > > Jody, > > What you're looking for is: > filetype.rules.conf:deny Transport Neutral Encapsulation > Format Windows security > vulnerability No Outlook Rich Text Format > messages due to security hole, use HTML instead > > Denis > > -- > _ > ?v? Denis Beauchemin, analyste > /(_)\ Universit? de Sherbrooke, S.T.I. > ^ ^ T: 819.821.8000x2252 F: 819.821.8045 > > Just wondering how can one get people on their network to stop using TNEF/winmail.dat? -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From jethro.binks at strath.ac.uk Tue Feb 7 21:11:29 2006 From: jethro.binks at strath.ac.uk (Jethro R Binks) Date: Tue Feb 7 21:11:31 2006 Subject: Outlook Rich Text Format messages - how to let through? In-Reply-To: <20060207210400.GH25264@doctor.nl2k.ab.ca> References: <9720CA43F755A148BF65B6618B90CB94126239@magneto.wals.local> <43E8FE1C.6010707@USherbrooke.ca> <20060207210400.GH25264@doctor.nl2k.ab.ca> Message-ID: <20060207211041.A91797@defjam.cc.strath.ac.uk> On Tue, 7 Feb 2006, Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem wrote: > > What you're looking for is: > > filetype.rules.conf:deny Transport Neutral Encapsulation > > Format Windows security > > vulnerability No Outlook Rich Text Format > > messages due to security hole, use HTML instead > > > > Just wondering how can one get people on their network to stop using > TNEF/winmail.dat? Block it all with MailScanner - they'll soon reconfigure their client when they can't mail anyone :) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Jethro R Binks Computing Officer, IT Services University Of Strathclyde, Glasgow, UK From alex at nkpanama.com Tue Feb 7 21:28:06 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Tue Feb 7 21:28:19 2006 Subject: Outlook Rich Text Format messages - how to let through? In-Reply-To: <20060207210400.GH25264@doctor.nl2k.ab.ca> References: <9720CA43F755A148BF65B6618B90CB94126239@magneto.wals.local> <43E8FE1C.6010707@USherbrooke.ca> <20060207210400.GH25264@doctor.nl2k.ab.ca> Message-ID: <43E910E6.1030209@nkpanama.com> Beat them upside the head with a LART... Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem wrote: > On Tue, Feb 07, 2006 at 03:07:56PM -0500, Denis Beauchemin wrote: > >> Jody Cleveland wrote: >> >> >>> I'm running MailScanner ver. 4.50.15 on a redhat 4.0AS server that then >>> routes to an exchange 2003 server. I recently upgraded to this version >>> of MailScanner, and I'm noticing these reports from the quarantine: >>> >>> MailScanner: No Outlook Rich Text Format messages due to security hole, >>> use HTML instead (msg-2611-3.txt) >>> >>> So, I did some research, and set Deliver Unparsable TNEF to yes. >>> >>> But, I'm still getting those notices. Is there another setting I'm >>> missing? >>> >>> - jody >>> >>> >>> >> Jody, >> >> What you're looking for is: >> filetype.rules.conf:deny Transport Neutral Encapsulation >> Format Windows security >> vulnerability No Outlook Rich Text Format >> messages due to security hole, use HTML instead >> >> Denis >> >> -- >> _ >> ?v? Denis Beauchemin, analyste >> /(_)\ Universit? de Sherbrooke, S.T.I. >> ^ ^ T: 819.821.8000x2252 F: 819.821.8045 >> >> >> > > > > Just wondering how can one get people on their network to stop using > TNEF/winmail.dat? > > -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060207/5a35e7f3/attachment.html From hermit921 at yahoo.com Tue Feb 7 21:31:07 2006 From: hermit921 at yahoo.com (hermit921) Date: Tue Feb 7 21:31:01 2006 Subject: email problem primer In-Reply-To: <038a01c62c13$14da7620$453711d4@arthur> References: <43E8E215.4060702@trayerproducts.com> <038a01c62c13$14da7620$453711d4@arthur> Message-ID: <6.2.1.2.2.20060207133010.03186d28@pop.mail.yahoo.com> This is a bit off-topic, but I am trying to get out of searching MailScanner logs when a problem is more easily solved by the end user or their PC support. I need to write a simple document about analyzing email problems. This will not be given to PC support staff who know almost nothing about email. I know it will need to include: 1. how to determine who sent the message 2. how to determine who should have received the message 3. read a returned error message and figure out what it means 4. look at the headers and figure out what mail servers were involved and when It will not be mail client specific. It will not include looking at mail logs. It will not be mail server specific. Does anyone have such a document already? Thanks, hermit921 From alex at nkpanama.com Tue Feb 7 21:34:16 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Tue Feb 7 21:34:23 2006 Subject: email problem primer In-Reply-To: <6.2.1.2.2.20060207133010.03186d28@pop.mail.yahoo.com> References: <43E8E215.4060702@trayerproducts.com> <038a01c62c13$14da7620$453711d4@arthur> <6.2.1.2.2.20060207133010.03186d28@pop.mail.yahoo.com> Message-ID: <43E91258.7060406@nkpanama.com> Good luck. If I have anything to contribute I'll let you know. hermit921 wrote: > This is a bit off-topic, but I am trying to get out of searching > MailScanner logs when a problem is more easily solved by the end user > or their PC support. > > I need to write a simple document about analyzing email problems. > This will not be given to PC support staff who know almost nothing > about email. I know it will need to include: > 1. how to determine who sent the message > 2. how to determine who should have received the message > 3. read a returned error message and figure out what it means > 4. look at the headers and figure out what mail servers were involved > and when > > It will not be mail client specific. It will not include looking at > mail logs. It will not be mail server specific. > > Does anyone have such a document already? > > Thanks, > hermit921 > > -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ From martinh at solid-state-logic.com Tue Feb 7 21:37:05 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Tue Feb 7 21:37:14 2006 Subject: More 4.50.15 woes on FreeBSD In-Reply-To: <43E8F737.4060100@tulsaconnect.com> Message-ID: <001001c62c2e$a3f50760$4101a8c0@martinhlaptop> Hmm how did you install if you didn't use the install.sh??? ports? If you didn't use install.sh or the ports install please use the install.sh version. It will take care of all perl modules etc etc and will allow you to backout very nicely...and yes there are more perl modules to install in order to use the SA cache (SQLLite for one). -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of TCIS List Acct > Sent: 07 February 2006 19:39 > To: MailScanner discussion > Subject: Re: More 4.50.15 woes on FreeBSD > > > > Julian Field wrote: > > >> I'm running exim 4.34-0 on FreeBSD 4.9. With that in mind, should > >> I edit the line to say: > >> > >> if (MailScanner::Config::Value('mta') =~ /exim|postfix/i) { > > > > No, you should do the exact opposite, so you want /sendmail|postfix/i) { > > - -- > > FWIW, this was on line # 1394 in my Message.pm. > > I've made the change and will let you know the results. > > Is there any specific Perl modules that need to be updated with 4.50.15 > that I might have missed since I don't install from the RPM or install.sh? > > -- > > ----------------------------------------- > Mike Bacher / listacct@tulsaconnect.com > TCIS - TulsaConnect Internet Services > http://www.tulsaconnect.com > ----------------------------------------- > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From Kevin_Miller at ci.juneau.ak.us Tue Feb 7 21:37:57 2006 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Tue Feb 7 21:38:02 2006 Subject: Outlook Rich Text Format messages - how to let through? Message-ID: Dave Shariff Yadallee - System Administrator a.k.a. The Root of theProblem wrote: > Just wondering how can one get people on their network to stop using > TNEF/winmail.dat? If you have access to the exchange server, you can set it to never send in rich text format. Internally people can still use it if they don't want to change it and you don't have a LART handy. Externally, the exchange server will turn it into html. I have our exchange server to not send in RTF, and set my Outlook client to do so. When it landed in my home account it wasn't plain text. Here's a bit of the headers: MIME-version: 1.0 X-MIMEOLE: Produced By Microsoft Exchange V6.5 Content-type: multipart/alternative; boundary="----_=_NextPart_001_01C62C2B.EB7BEBA9" Content-class: urn:content-classes:message Thread-topic: test with rtf Thread-index: AcYsK+t71/dIBU3rReKjfw+hvtH7pw== X-MS-Has-Attach: X-MS-TNEF-Correlator: X-CBJ-MailScanner-Information: Please contact postmaster at ci.juneau.ak.us for more information X-CBJ-MailScanner: Found to be clean X-CBJ-MailScanner-SpamCheck: not spam (whitelisted), SpamAssassin (score=-5.898, required 5, autolearn=not spam, ALL_TRUSTED -3.30, BAYES_00 -2.60, HTML_MESSAGE 0.00) X-MailScanner-From: kevin_miller@ci.juneau.ak.us X-ACS-Spam-Status: no X-ACS-Spam-Score: 0.152 () X-ACS-Spam-Tests: HTML_70_80,HTML_MESSAGE, X-ACS-Scanned-By: MD 2.51; SA 3.0.4; spamdefang 1.116 Original-recipient: rfc822;millerboys@acsalaska.net The X-CBJ-MailScanner headers are mine - the X-ACS headers are my home account ISP's. Both seem to indicate that the message is in HTML format. The mime content type "Content-type: multipart/alternative;" is sorta different. Alternative is a bit open ended for my taste but one gets what one gets with the boys from Redmond... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From rob at robhq.com Tue Feb 7 22:25:34 2006 From: rob at robhq.com (Rob Freeman) Date: Tue Feb 7 22:25:38 2006 Subject: symantec scan on MailScanner Message-ID: <43E91E5E.10704@robhq.com> I was wondering if anyone was using this with MailScanner. We are looking to add another virus scan engine and got a good deal through our parent company. Thanks in advance Rob From mikej at rogers.com Tue Feb 7 22:31:05 2006 From: mikej at rogers.com (Mike Jakubik) Date: Tue Feb 7 22:31:01 2006 Subject: Update problems with SQLBlackWhiteList.pm and MS Message-ID: <43E91FA9.1020903@rogers.com> Hello, I am trying to use MailWatch's SQLBlackWhiteList.pm file for my own use. This file is based on the example found in CustomConfig.pm. The problem i am having is that while adding new entries in to the sql database works fine, however when removing them, MS does not seem to see the change until it is restarted. I have taken off the refresh timer found in SQLBlackWhiteList.pm for debugging purposes, and the mail logs verify that the file is reading in the correct amount of entries, however MS is not seeing them until it is restarted. I have looked over the SQLBlackWhiteList.pm script and i cant see a problem in it, it seems to be doing its job, and the logs verify this. Can anyone shed some light? Thanks. From ssilva at sgvwater.com Tue Feb 7 22:40:36 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Feb 7 22:40:57 2006 Subject: Update problems with SQLBlackWhiteList.pm and MS In-Reply-To: <43E91FA9.1020903@rogers.com> References: <43E91FA9.1020903@rogers.com> Message-ID: Mike Jakubik spake the following on 2/7/2006 2:31 PM: > Hello, > > I am trying to use MailWatch's SQLBlackWhiteList.pm file for my own use. > This file is based on the example found in CustomConfig.pm. The problem > i am having is that while adding new entries in to the sql database > works fine, however when removing them, MS does not seem to see the > change until it is restarted. I have taken off the refresh timer found > in SQLBlackWhiteList.pm for debugging purposes, and the mail logs verify > that the file is reading in the correct amount of entries, however MS is > not seeing them until it is restarted. I have looked over the > SQLBlackWhiteList.pm script and i cant see a problem in it, it seems to > be doing its job, and the logs verify this. Can anyone shed some light? > > Thanks. You need to at least do a "reload" to pull the lists in, as it is still read into memory, not a live DB call. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From mikej at rogers.com Tue Feb 7 22:54:53 2006 From: mikej at rogers.com (Mike Jakubik) Date: Tue Feb 7 22:54:47 2006 Subject: Update problems with SQLBlackWhiteList.pm and MS In-Reply-To: References: <43E91FA9.1020903@rogers.com> Message-ID: <43E9253D.2020404@rogers.com> Scott Silva wrote: > Mike Jakubik spake the following on 2/7/2006 2:31 PM: > >> Hello, >> >> I am trying to use MailWatch's SQLBlackWhiteList.pm file for my own use. >> This file is based on the example found in CustomConfig.pm. The problem >> i am having is that while adding new entries in to the sql database >> works fine, however when removing them, MS does not seem to see the >> change until it is restarted. I have taken off the refresh timer found >> in SQLBlackWhiteList.pm for debugging purposes, and the mail logs verify >> that the file is reading in the correct amount of entries, however MS is >> not seeing them until it is restarted. I have looked over the >> SQLBlackWhiteList.pm script and i cant see a problem in it, it seems to >> be doing its job, and the logs verify this. Can anyone shed some light? >> >> Thanks. >> > You need to at least do a "reload" to pull the lists in, as it is still read > into memory, not a live DB call. > But I don't understand why when i add new entries it picks them up, but not when i delete them. Are you saying there is no way around this, other than to force a mailscanner restart after every update to the white/black list? This doesn't make sense to me, why is there a timer in the script and why is the database re-read then? Could you provide more details? Thank you. From ssilva at sgvwater.com Tue Feb 7 23:01:48 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Feb 7 23:02:10 2006 Subject: Update problems with SQLBlackWhiteList.pm and MS In-Reply-To: <43E9253D.2020404@rogers.com> References: <43E91FA9.1020903@rogers.com> <43E9253D.2020404@rogers.com> Message-ID: Mike Jakubik spake the following on 2/7/2006 2:54 PM: > Scott Silva wrote: >> Mike Jakubik spake the following on 2/7/2006 2:31 PM: >> >>> Hello, >>> >>> I am trying to use MailWatch's SQLBlackWhiteList.pm file for my own use. >>> This file is based on the example found in CustomConfig.pm. The problem >>> i am having is that while adding new entries in to the sql database >>> works fine, however when removing them, MS does not seem to see the >>> change until it is restarted. I have taken off the refresh timer found >>> in SQLBlackWhiteList.pm for debugging purposes, and the mail logs verify >>> that the file is reading in the correct amount of entries, however MS is >>> not seeing them until it is restarted. I have looked over the >>> SQLBlackWhiteList.pm script and i cant see a problem in it, it seems to >>> be doing its job, and the logs verify this. Can anyone shed some light? >>> >>> Thanks. >>> >> You need to at least do a "reload" to pull the lists in, as it is >> still read >> into memory, not a live DB call. >> > > > But I don't understand why when i add new entries it picks them up, but > not when i delete them. Are you saying there is no way around this, > other than to force a mailscanner restart after every update to the > white/black list? This doesn't make sense to me, why is there a timer in > the script and why is the database re-read then? Could you provide more > details? > > Thank you. > The timer in the script reloads the configuration every 15 minutes in the default. But sometimes the running children might not see the changes until they die off. It shouldn't happen, but it does. It might just be the children that already have a batch picked up. There is a patch floating around to have the list read from the database through the socket, and not into memory, but I haven't tried it, and since I don't usually remove entries that often, I haven't seen the need to try it. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From mikej at rogers.com Tue Feb 7 23:11:46 2006 From: mikej at rogers.com (Mike Jakubik) Date: Tue Feb 7 23:11:38 2006 Subject: Update problems with SQLBlackWhiteList.pm and MS In-Reply-To: References: <43E91FA9.1020903@rogers.com> <43E9253D.2020404@rogers.com> Message-ID: <43E92932.8080103@rogers.com> Scott Silva wrote: > Mike Jakubik spake the following on 2/7/2006 2:54 PM: > >> But I don't understand why when i add new entries it picks them up, but >> not when i delete them. Are you saying there is no way around this, >> other than to force a mailscanner restart after every update to the >> white/black list? This doesn't make sense to me, why is there a timer in >> the script and why is the database re-read then? Could you provide more >> details? >> >> Thank you. >> >> > The timer in the script reloads the configuration every 15 minutes in the > default. But sometimes the running children might not see the changes until > they die off. It shouldn't happen, but it does. It might just be the children > that already have a batch picked up. There is a patch floating around to have > the list read from the database through the socket, and not into memory, but I > haven't tried it, and since I don't usually remove entries that often, I > haven't seen the need to try it. Right, and you would expect MS to behave accordingly, but it does not. In fact i can 100% replicate the problem, when you add an entry, it gets read in and works fine, when you delete one, it stays in memory until the child is killed. This on an idle test system, so no children are busy. It just seems weird to me that it reads in new entries, but keeps old ones. As if some variable was not being cleared. Could you kindly point me to the location of this patch? Thanks. From taz at taz-mania.com Tue Feb 7 23:12:52 2006 From: taz at taz-mania.com (Dennis Willson) Date: Tue Feb 7 23:13:00 2006 Subject: Update problems with SQLBlackWhiteList.pm and MS In-Reply-To: <43E9253D.2020404@rogers.com> References: <43E91FA9.1020903@rogers.com> <43E9253D.2020404@rogers.com> Message-ID: <43E92974.9040102@taz-mania.com> The timer is to cause a re-read of the data in the database. SQLBlackWhiteList.pm reads the data from the database and puts into memory for use. The timer causes it to dump the old data and read in the new data. Also if MS stops and restarts it will cause SQLBlackWhiteList.pm to re-read. I got around this by writing my own SQLBlackWhiteList.pm that always goes directly to the database. I see no reduction in performance (although if I ever reached 100% load there probably would be), It uses a lot less memory (SQLBlackWhiteList.pm uses one "block" of memory for each entry in each list times the number of MS threads. Which means that if you have 100 entries in your Black/White lists and 10 MS threads, you use 1000 memory blocks. The entire list is duplicated in memory for each MS thread). It also allows for "instant" updates. Dennis Mike Jakubik wrote: > Scott Silva wrote: > >> Mike Jakubik spake the following on 2/7/2006 2:31 PM: >> >> >>> Hello, >>> >>> I am trying to use MailWatch's SQLBlackWhiteList.pm file for my own use. >>> This file is based on the example found in CustomConfig.pm. The problem >>> i am having is that while adding new entries in to the sql database >>> works fine, however when removing them, MS does not seem to see the >>> change until it is restarted. I have taken off the refresh timer found >>> in SQLBlackWhiteList.pm for debugging purposes, and the mail logs verify >>> that the file is reading in the correct amount of entries, however MS is >>> not seeing them until it is restarted. I have looked over the >>> SQLBlackWhiteList.pm script and i cant see a problem in it, it seems to >>> be doing its job, and the logs verify this. Can anyone shed some light? >>> >>> Thanks. >>> >> >> You need to at least do a "reload" to pull the lists in, as it is >> still read >> into memory, not a live DB call. >> > > > > But I don't understand why when i add new entries it picks them up, but > not when i delete them. Are you saying there is no way around this, > other than to force a mailscanner restart after every update to the > white/black list? This doesn't make sense to me, why is there a timer in > the script and why is the database re-read then? Could you provide more > details? > > Thank you. > From mikej at rogers.com Tue Feb 7 23:23:27 2006 From: mikej at rogers.com (Mike Jakubik) Date: Tue Feb 7 23:23:18 2006 Subject: Update problems with SQLBlackWhiteList.pm and MS In-Reply-To: <43E92974.9040102@taz-mania.com> References: <43E91FA9.1020903@rogers.com> <43E9253D.2020404@rogers.com> <43E92974.9040102@taz-mania.com> Message-ID: <43E92BEF.8050306@rogers.com> Dennis Willson wrote: > The timer is to cause a re-read of the data in the database. > SQLBlackWhiteList.pm reads the data from the database and puts into > memory for use. The timer causes it to dump the old data and read in > the new data. Also if MS stops and restarts it will cause > SQLBlackWhiteList.pm to re-read. Yes, i understand that. What i am saying though is that the re-read data is not really whats in the database. It still matches stale entries that are NOT in the database. In any case, i as i mentioned before, i disabled the timer, so the entries are always re-read. > > I got around this by writing my own SQLBlackWhiteList.pm that always > goes directly to the database. I see no reduction in performance > (although if I ever reached 100% load there probably would be), It > uses a lot less memory (SQLBlackWhiteList.pm uses one "block" of > memory for each entry in each list times the number of MS threads. > Which means that if you have 100 entries in your Black/White lists and > 10 MS threads, you use 1000 memory blocks. The entire list is > duplicated in memory for each MS thread). It also allows for "instant" > updates. > > Dennis Any chance of you sharing this code? From listacct at tulsaconnect.com Tue Feb 7 23:26:00 2006 From: listacct at tulsaconnect.com (TCIS List Acct) Date: Tue Feb 7 23:25:54 2006 Subject: More 4.50.15 woes on FreeBSD In-Reply-To: <001001c62c2e$a3f50760$4101a8c0@martinhlaptop> References: <001001c62c2e$a3f50760$4101a8c0@martinhlaptop> Message-ID: <43E92C88.9010303@tulsaconnect.com> Martin Hepworth wrote: > Hmm how did you install if you didn't use the install.sh??? ports? No. I've always used the .tar.gz and installed by hand. Been doing so for many years w/o a problem. > If you didn't use install.sh or the ports install please use the install.sh > version. I don't think that is the solution. > It will take care of all perl modules etc etc and will allow you to backout > very nicely...and yes there are more perl modules to install in order to use > the SA cache (SQLLite for one). Yes, I've already installed the latest DBI and SQLLite. The problem is directly related to new code in 4.50.15, as 4.47.x runs perfectly. -- ----------------------------------------- Mike Bacher / listacct@tulsaconnect.com TCIS - TulsaConnect Internet Services http://www.tulsaconnect.com ----------------------------------------- From mikej at rogers.com Wed Feb 8 00:00:13 2006 From: mikej at rogers.com (Mike Jakubik) Date: Wed Feb 8 00:00:22 2006 Subject: Update problems with SQLBlackWhiteList.pm and MS [FIXED] In-Reply-To: <43E92BEF.8050306@rogers.com> References: <43E91FA9.1020903@rogers.com> <43E9253D.2020404@rogers.com> <43E92974.9040102@taz-mania.com> <43E92BEF.8050306@rogers.com> Message-ID: <43E9348D.6050906@rogers.com> Thanks for all the help guys (even though most of you misunderstood the problem) but the problem is in the SQLBlakWhiteList.pm file. A variable is not being cleared prior to update, so entries are only being appended to it, until of course the child dies and restarts. From ssilva at sgvwater.com Wed Feb 8 00:05:38 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Feb 8 00:06:18 2006 Subject: Update problems with SQLBlackWhiteList.pm and MS In-Reply-To: <43E92932.8080103@rogers.com> References: <43E91FA9.1020903@rogers.com> <43E9253D.2020404@rogers.com> <43E92932.8080103@rogers.com> Message-ID: Mike Jakubik spake the following on 2/7/2006 3:11 PM: > Scott Silva wrote: >> Mike Jakubik spake the following on 2/7/2006 2:54 PM: >> >>> But I don't understand why when i add new entries it picks them up, but >>> not when i delete them. Are you saying there is no way around this, >>> other than to force a mailscanner restart after every update to the >>> white/black list? This doesn't make sense to me, why is there a timer in >>> the script and why is the database re-read then? Could you provide more >>> details? >>> >>> Thank you. >>> >>> >> The timer in the script reloads the configuration every 15 minutes in the >> default. But sometimes the running children might not see the changes >> until >> they die off. It shouldn't happen, but it does. It might just be the >> children >> that already have a batch picked up. There is a patch floating around >> to have >> the list read from the database through the socket, and not into >> memory, but I >> haven't tried it, and since I don't usually remove entries that often, I >> haven't seen the need to try it. > > Right, and you would expect MS to behave accordingly, but it does not. > In fact i can 100% replicate the problem, when you add an entry, it gets > read in and works fine, when you delete one, it stays in memory until > the child is killed. This on an idle test system, so no children are > busy. It just seems weird to me that it reads in new entries, but keeps > old ones. As if some variable was not being cleared. Could you kindly > point me to the location of this patch? > > Thanks. > This patch was created by Dennis Willson; http://www.namesystems.net/mailwatch.html -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Wed Feb 8 00:08:07 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Feb 8 00:12:12 2006 Subject: Update problems with SQLBlackWhiteList.pm and MS In-Reply-To: <43E92BEF.8050306@rogers.com> References: <43E91FA9.1020903@rogers.com> <43E9253D.2020404@rogers.com> <43E92974.9040102@taz-mania.com> <43E92BEF.8050306@rogers.com> Message-ID: Mike Jakubik spake the following on 2/7/2006 3:23 PM: > Dennis Willson wrote: >> The timer is to cause a re-read of the data in the database. >> SQLBlackWhiteList.pm reads the data from the database and puts into >> memory for use. The timer causes it to dump the old data and read in >> the new data. Also if MS stops and restarts it will cause >> SQLBlackWhiteList.pm to re-read. > > Yes, i understand that. What i am saying though is that the re-read data > is not really whats in the database. It still matches stale entries that > are NOT in the database. In any case, i as i mentioned before, i > disabled the timer, so the entries are always re-read. Disabling the timer will make the entries "not" be read until the next timed MailScanner restart. That could be anywhere from 4 hours to 24 hours or ??? -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From alex at nkpanama.com Wed Feb 8 00:20:46 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Wed Feb 8 00:20:53 2006 Subject: symantec scan on MailScanner In-Reply-To: <43E91E5E.10704@robhq.com> References: <43E91E5E.10704@robhq.com> Message-ID: <43E9395E.6010207@nkpanama.com> Which ones do you already have? Rob Freeman wrote: > I was wondering if anyone was using this with MailScanner. We are > looking to add another virus scan engine and got a good deal through > our parent company. > Thanks in advance > > Rob -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ From smf at f2s.com Wed Feb 8 00:23:33 2006 From: smf at f2s.com (Steve Freegard) Date: Wed Feb 8 00:21:20 2006 Subject: Update problems with SQLBlackWhiteList.pm and MS [FIXED] In-Reply-To: <43E9348D.6050906@rogers.com> References: <43E91FA9.1020903@rogers.com> <43E9253D.2020404@rogers.com> <43E92974.9040102@taz-mania.com> <43E92BEF.8050306@rogers.com> <43E9348D.6050906@rogers.com> Message-ID: <1139358214.16590.99.camel@localhost.localdomain> Hi Mike, On Tue, 2006-02-07 at 19:00 -0500, Mike Jakubik wrote: > Thanks for all the help guys (even though most of you misunderstood the > problem) but the problem is in the SQLBlakWhiteList.pm file. A variable > is not being cleared prior to update, so entries are only being appended > to it, until of course the child dies and restarts. Good catch - I've just read through the code and I think you're on to something, please can you try the attached and see if it cures the problem for you and let me know. Thanks, Steve. -------------- next part -------------- A non-text attachment was scrubbed... Name: SQLBlackWhiteList.pm Type: application/x-perl Size: 5201 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060208/19e613e6/SQLBlackWhiteList.bin From mikej at rogers.com Wed Feb 8 00:23:21 2006 From: mikej at rogers.com (Mike Jakubik) Date: Wed Feb 8 00:23:10 2006 Subject: Update problems with SQLBlackWhiteList.pm and MS In-Reply-To: References: <43E91FA9.1020903@rogers.com> <43E9253D.2020404@rogers.com> <43E92974.9040102@taz-mania.com> <43E92BEF.8050306@rogers.com> Message-ID: <43E939F9.8030806@rogers.com> Scott Silva wrote: >> Yes, i understand that. What i am saying though is that the re-read data >> is not really whats in the database. It still matches stale entries that >> are NOT in the database. In any case, i as i mentioned before, i >> disabled the timer, so the entries are always re-read. >> > Disabling the timer will make the entries "not" be read until the next timed > MailScanner restart. That could be anywhere from 4 hours to 24 hours or ??? > > No, you are misunderstanding me. I commented out the whole function, the "if timer expired" is gone, so it always executes. In any case, i found the problem, as described in my previous post. Thanks for the link. From Edge at twu.ca Wed Feb 8 00:25:55 2006 From: Edge at twu.ca (Richard Edge) Date: Wed Feb 8 00:29:01 2006 Subject: EUREKA! was ALL_TRUSTED problems Message-ID: Many thanks to Glenn, Julian, Matt, Scott and others who helped me wrestle with my ALL_TRUSTED problem which was actually a problem with mailscanner.cf directives being ignored for some reason. While I did manage to resolve the other errors I encountered with 'MailScanner --lint' it seemed like a good idea to remove and install again from scratch. The problems are all now resolved after removal of MailScanner and SpamAssassin and re-installing ver 4.50.15-1 on both gateways today. Thanks again and my apologies for generating so much traffic on this issue. Richard Edge Senior Systems Administrator | Technology Services Trinity Western University | t: 604.513.2089 f: 604.513.2038 | e: edge twu.ca| www.twu.ca/technology -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Glenn Steen Sent: Tuesday, February 07, 2006 5:03 AM To: MailScanner discussion Subject: Re: ALL_TRUSTED problems On 07/02/06, Scott Silva wrote: > Richard Edge spake the following on 2/6/2006 3:10 PM: > > Yes, the symlink is in place. I am beginning to think that removing > > MailScanner and reinstalling from scratch is looking a little more > > attractive at this point too. > > > > I take it that all I need to do to remove it is the delete the > > follwing directories and their contents: > > > > /etc/MailScanner > > /usr/lib/MailScanner > > /usr/sbin/MailScanner > > > > If I want to install SA 3.1 from scratch, what do I need to do other > > than Julian's earlier suggestion of removing SpamAssassin.pm > > > > Richard Edge > > Senior Systems Administrator | Technology Services Trinity Western > > University | t: 604.513.2089 > > f: 604.513.2038 | e: edge twu.ca| www.twu.ca/technology > > > > > > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of > > Scott Silva > > Sent: Monday, February 06, 2006 2:14 PM > > To: mailscanner@lists.mailscanner.info > > Subject: Re: ALL_TRUSTED problems > > > > Richard Edge spake the following on 2/6/2006 9:30 AM: > >> Hi Scott, > >> > >> I tried your suggestion, but still no joy. Thanks anyways. > >> > >> Richard Edge > >> Senior Systems Administrator | Technology Services Trinity Western > >> University | t: 604.513.2089 > >> f: 604.513.2038 | e: edge twu.ca| www.twu.ca/technology > > Have you verified that your /etc/mail/spamassassin/mailscanner.cf is > > a symlink to /etc/MailScanner/spam.assassin.prefs.conf? > > > > Otherwise, I'm at a loss. Maybe time to hose the MailScanner and > > Spamassassin installs, and start over? > > > > > > > That should do it, but you might want to mv instead of rm, just in case. > > You can always kill it later. I always keep one stable version back, just in case. > > -- > > MailScanner is like deodorant... > You hope everybody uses it, and > you notice quickly if they don't!!!! > If you're on an RPM install/system, you'd better use cp (ro back them up) and rpm -e (on the relevant package ... mailscanner, I'd imagine), to keep the rpm database in sync with reality. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 4610 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060207/941a2a08/smime.bin From mikej at rogers.com Wed Feb 8 00:30:48 2006 From: mikej at rogers.com (Mike Jakubik) Date: Wed Feb 8 00:30:37 2006 Subject: Update problems with SQLBlackWhiteList.pm and MS [FIXED] In-Reply-To: <1139358214.16590.99.camel@localhost.localdomain> References: <43E91FA9.1020903@rogers.com> <43E9253D.2020404@rogers.com> <43E92974.9040102@taz-mania.com> <43E92BEF.8050306@rogers.com> <43E9348D.6050906@rogers.com> <1139358214.16590.99.camel@localhost.localdomain> Message-ID: <43E93BB8.2050602@rogers.com> Steve Freegard wrote: > Hi Mike, > > On Tue, 2006-02-07 at 19:00 -0500, Mike Jakubik wrote: > >> Thanks for all the help guys (even though most of you misunderstood the >> problem) but the problem is in the SQLBlakWhiteList.pm file. A variable >> is not being cleared prior to update, so entries are only being appended >> to it, until of course the child dies and restarts. >> > > Good catch - I've just read through the code and I think you're on to > something, please can you try the attached and see if it cures the > problem for you and let me know. Heh, thats the exact same change i made. It tested it, it works fine. From rob at robhq.com Wed Feb 8 00:37:32 2006 From: rob at robhq.com (Rob Freeman) Date: Wed Feb 8 00:37:37 2006 Subject: symantec scan on MailScanner In-Reply-To: <43E9395E.6010207@nkpanama.com> References: <43E91E5E.10704@robhq.com> <43E9395E.6010207@nkpanama.com> Message-ID: <43E93D4C.2020201@robhq.com> Alex Neuman van der Hans wrote: > Which ones do you already have? > > Rob Freeman wrote: >> I was wondering if anyone was using this with MailScanner. We are >> looking to add another virus scan engine and got a good deal through >> our parent company. >> Thanks in advance >> >> Rob > Currently using clam, f-prot, and avg. We just got audited, and they wanted us to add one of the " big " vendors to the list. From alex at nkpanama.com Wed Feb 8 01:19:12 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Wed Feb 8 01:19:26 2006 Subject: symantec scan on MailScanner In-Reply-To: <43E93D4C.2020201@robhq.com> References: <43E91E5E.10704@robhq.com> <43E9395E.6010207@nkpanama.com> <43E93D4C.2020201@robhq.com> Message-ID: <43E94710.40906@nkpanama.com> BDC? Rob Freeman wrote: > Alex Neuman van der Hans wrote: >> Which ones do you already have? >> >> Rob Freeman wrote: >>> I was wondering if anyone was using this with MailScanner. We are >>> looking to add another virus scan engine and got a good deal through >>> our parent company. >>> Thanks in advance >>> >>> Rob >> > Currently using clam, f-prot, and avg. We just got audited, and they > wanted us to add one of the " big " vendors to the list. -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ From john at jolet.net Wed Feb 8 01:36:00 2006 From: john at jolet.net (John Jolet) Date: Wed Feb 8 01:36:06 2006 Subject: symantec scan on MailScanner In-Reply-To: <43E94710.40906@nkpanama.com> References: <43E91E5E.10704@robhq.com> <43E9395E.6010207@nkpanama.com> <43E93D4C.2020201@robhq.com> <43E94710.40906@nkpanama.com> Message-ID: <2A4E1FD0-8BEC-4430-A47A-21C23E3E5453@jolet.net> On Feb 7, 2006, at 7:19 PM, Alex Neuman van der Hans wrote: > BDC? > > Rob Freeman wrote: >> Alex Neuman van der Hans wrote: >>> Which ones do you already have? >>> >>> Rob Freeman wrote: >>>> I was wondering if anyone was using this with MailScanner. We >>>> are looking to add another virus scan engine and got a good deal >>>> through our parent company. >>>> Thanks in advance >>>> >>>> Rob >>> >> Currently using clam, f-prot, and avg. We just got audited, and >> they wanted us to add one of the " big " vendors to the list. > why? they are not any more effective. Less, in fact, in my experience. > -- > > Alex Neuman van der Hans > N&K Technology Consultants > Tel. +507 214-9002 - http://nkpanama.com/ > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From alex at nkpanama.com Wed Feb 8 01:44:36 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Wed Feb 8 01:44:46 2006 Subject: symantec scan on MailScanner In-Reply-To: <2A4E1FD0-8BEC-4430-A47A-21C23E3E5453@jolet.net> References: <43E91E5E.10704@robhq.com> <43E9395E.6010207@nkpanama.com> <43E93D4C.2020201@robhq.com> <43E94710.40906@nkpanama.com> <2A4E1FD0-8BEC-4430-A47A-21C23E3E5453@jolet.net> Message-ID: <43E94D04.5030006@nkpanama.com> Very true. You can tell your auditors that you'll gladly wear a pillow on top of your kevlar vest, if they're going to pay for it... as long as it doesn't come out of the same budget as your salary raise. John Jolet wrote: > > On Feb 7, 2006, at 7:19 PM, Alex Neuman van der Hans wrote: > >> BDC? >> >> Rob Freeman wrote: >>> Alex Neuman van der Hans wrote: >>>> Which ones do you already have? >>>> >>>> Rob Freeman wrote: >>>>> I was wondering if anyone was using this with MailScanner. We are >>>>> looking to add another virus scan engine and got a good deal >>>>> through our parent company. >>>>> Thanks in advance >>>>> >>>>> Rob >>>> >>> Currently using clam, f-prot, and avg. We just got audited, and >>> they wanted us to add one of the " big " vendors to the list. >> > why? they are not any more effective. Less, in fact, in my experience. > >> -- >> Alex Neuman van der Hans >> N&K Technology Consultants >> Tel. +507 214-9002 - http://nkpanama.com/ >> >> --MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > --MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ From rob at robhq.com Wed Feb 8 01:47:59 2006 From: rob at robhq.com (Rob Freeman) Date: Wed Feb 8 01:48:03 2006 Subject: symantec scan on MailScanner In-Reply-To: <43E94710.40906@nkpanama.com> References: <43E91E5E.10704@robhq.com> <43E9395E.6010207@nkpanama.com> <43E93D4C.2020201@robhq.com> <43E94710.40906@nkpanama.com> Message-ID: <43E94DCF.70803@robhq.com> Alex Neuman van der Hans wrote: > BDC? > > Rob Freeman wrote: >> Alex Neuman van der Hans wrote: >>> Which ones do you already have? >>> >>> Rob Freeman wrote: >>>> I was wondering if anyone was using this with MailScanner. We are >>>> looking to add another virus scan engine and got a good deal >>>> through our parent company. >>>> Thanks in advance >>>> >>>> Rob >>> >> Currently using clam, f-prot, and avg. We just got audited, and they >> wanted us to add one of the " big " vendors to the list. > They do not include that on the " big " ones. We work for a bank and they want something the recognize like mcafee, Symantec, etc etc. We have not had an email virus in 3 years, but per the audit they asked for more of a known name scanner. They gave us a deal on Symantec. The wonders of working for a big company. From dmehler26 at woh.rr.com Wed Feb 8 04:06:54 2006 From: dmehler26 at woh.rr.com (Dave) Date: Wed Feb 8 04:15:54 2006 Subject: mailscanner and perdomain white and blacklists References: <003f01c62787$c3f61370$0200a8c0@satellite> <46930868-3367-42BE-91FD-75B47F99B677@ecs.soton.ac.uk> <002b01c6281b$79cb1c20$0200a8c0@satellite> <43E2414A.90901@ecs.soton.ac.uk> <004e01c62c0a$a8159680$0200a8c0@satellite> <43E8DDAF.1050109@netmagicsolutions.com> Message-ID: <00bb01c62c65$1a500a50$0200a8c0@satellite> Hi, Thanks for the clarification. I think i got it. So the default file is for everyone, and then domain and user-specific stuff is for individual users and domains? Thanks a lot. Dave. ----- Original Message ----- From: "Dhawal Doshy" To: "MailScanner discussion" Sent: Tuesday, February 07, 2006 12:49 PM Subject: Re: mailscanner and perdomain white and blacklists > Dave wrote: >> Hi Julian, >> Sorry about the long delay in getting back to you. I checked out >> CustomConfig.pm and if i'm reading it right what i have to do is set the >> "Is Definitely Spam" and "Is Definitely Spam" to point to a directory > > Umm no.. the directory pointing is already done. > egrep '^my \$BlacklistDir|^my \$WhitelistDir' CustomConfig.pm > > You need to point 'Is Definitely Not Spam' and 'Is Definitely Spam' to a > function.. '&ByDomainSpamWhitelist' and '&ByDomainSpamBlacklist' to be > precise.. > > Now create the directories as defined in CustomConfig.pm.. typically > /etc/MailScanner/spam.bydomain/whitelist > /etc/MailScanner/spam.bydomain/blacklist > > A file named 'default' will be the global (server-wide) list, 'domain.tld' > will the domain specific list and 'user@domain.tld' will be the user > specific list. > > 'default', 'domain.tld' and 'user@domain.tld' can exist in both > directories as per your requirements. > > The content of 'default', 'domain.tld' and 'user@domain.tld' can be a mix > of domains, email-addresses and ip-addresses (one per line). > > Once you have it working, also look at the 'Definite Spam Is High Scoring' > option. > > Hope it is clear now :-) > > - dhawal > >> for white and blacklists. So say i want a whitelist for example1.com i >> would make a /etc/MailScanner/domains directory for all my domains and >> point ms to it. Then make a directory for example1.com and then a file >> spam.whitelists.conf adding in what i want. Put the blacklist in the same >> area. Before i let you know of my problem do i have this right so far? >> Checking the MS config on this box here's what is already in there for >> those values: >> >> Is Definitely Not Spam=%rules-dir%/spam.whitelist.rules. >> Is Definitely Spam=%rules-dir%/spam.blacklist.rules >> >> and those files exist with content. If i'm reading this right these >> whitelists and blacklists are applied globally and not per-user and >> per-domain? >> Thanks. >> Dave. >> >> ----- Original Message ----- From: "Julian Field" >> >> To: "MailScanner discussion" >> Sent: Thursday, February 02, 2006 12:28 PM >> Subject: Re: mailscanner and perdomain white and blacklists >> >> >>> There is code to do this in CustomConfig.pm in >>> /usr/lib/MailScanner/MailScanner. There is documentation in there that >>> will tell you how to enable the code and how to set everything up for >>> it. Look for the Per-Domain whitelist and blacklist code and you'll find >>> it, there is code in the same file for other add-on features as well. >>> >>> If you have trouble setting it up or getting it basically working, then >>> give me a shout (possibly on IRC) and I'll try to help where I can. >>> >>> It's not hard, you don't have to write any code or anything to make it >>> all work >>> :-) >>> >>> Dave wrote: >>>> Hi Julian, >>>> Thanks for your reply. I haven't had a moment yet to check out that >>>> boxes mailscanner.conf except except just a quick overview of the >>>> mta-specific settings. Can the spam whitelists and blacklists be used >>>> on a perdomain basis? For example, i've got domain1.com and >>>> domain2.com. The user at domain1.com wants a user added to his spam >>>> whitelist while the user at domain2.com wants a spammer added to his >>>> spam blacklist. Ideally i believe these users at domain 1 and 2 .com >>>> want independent lists. >>>> Thanks a lot. >>>> Dave. >>>> >>>> ----- Original Message ----- From: "Julian Field" >>>> >>>> To: "MailScanner discussion" >>>> Sent: Thursday, February 02, 2006 4:09 AM >>>> Subject: Re: mailscanner and perdomain white and blacklists >>>> >>>> >>>>> -----BEGIN PGP SIGNED MESSAGE----- >>>>> >>>>> On 1 Feb 2006, at 23:32, Dave wrote: >>>>> >>>>>> Hello, >>>>>> I've got a mailscanner install with sendmail. It's working fine >>>>>> and it's working for multiple users. Now i'm getting requests from >>>>>> user a to add a username/domain to a blacklist file and user b to >>>>>> add another username/domain to a whitelist file. These i'm thinking >>>>>> should be separate as they are separate domains. This is on an fc4 >>>>>> box. Is this doable, any help appreciated. >>>>>> Thanks. >>>>>> Dave. >>>>> >>>>> Blacklist or whitelist in what sense? You basically just need a >>>>> couple of rulesets, one for your blacklist and one for your >>>>> whitelist. There is already a spam.whitelist.rules which you can use >>>>> as a sample from which to create and use a spam.blacklist.rules file. >>>>> Look in MailScanner.conf for spam.whitelist.rules and you will see >>>>> how to refer a setting to a rules file. >>>>> - -- Julian Field > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From Jan-Peter.Koopmann at seceidos.de Wed Feb 8 07:02:39 2006 From: Jan-Peter.Koopmann at seceidos.de (Koopmann, Jan-Peter) Date: Wed Feb 8 07:02:57 2006 Subject: More 4.50.15 woes on FreeBSD Message-ID: On Wednesday, February 08, 2006 12:26 AM TCIS List Acct wrote: > Yes, I've already installed the latest DBI and SQLLite. The problem > is directly related to new code in 4.50.15, as 4.47.x runs perfectly. I just finished work on the 4.50.15 port yesterday and have it up and running on our main mail machine for several hours now. No zombies. This is FreeBSD 4.9 and Exim as well. At this point I doubt it's a general MailScanner problem. Have you updated all your perl modules etc. to the latest version? And try the port... :-) Kind regards, JP From Jan-Peter.Koopmann at seceidos.de Wed Feb 8 07:20:38 2006 From: Jan-Peter.Koopmann at seceidos.de (Koopmann, Jan-Peter) Date: Wed Feb 8 07:20:51 2006 Subject: More 4.50.15 woes on FreeBSD Message-ID: On Wednesday, February 08, 2006 12:26 AM TCIS List Acct wrote: > Yes, I've already installed the latest DBI and SQLLite. The problem > is directly related to new code in 4.50.15, as 4.47.x runs perfectly. Hmm. This reminds me: I was having serious (!) trouble upgrading to one of the latest versions I think. MailScanner just stopped after a few minutes/hours. No warning, nothing. Upgrading all dependend p5- ports did the trick here. Since you are upgrading from 4.47, the problem might very well be with code in 4.49 and old libs. My suggestion: Wait for the 4.50.15 port to be committed (hopefully today), use it and do an automatic upgrade of all dependencies. Regards, JP From Jan-Peter.Koopmann at seceidos.de Wed Feb 8 07:36:05 2006 From: Jan-Peter.Koopmann at seceidos.de (Koopmann, Jan-Peter) Date: Wed Feb 8 07:36:21 2006 Subject: 4.50.15 - Big problems on FreeBSD / exim Message-ID: On Monday, February 06, 2006 11:57 PM TCIS List Acct wrote: > This really hosed those of us not using an RPM or install.sh script > (and those of us dumb enough not to read the relnotes before doing > this :)) -- it caused my SA prefs not to be read in, and thus caused > SA to use its default settings (Bayes on, DNS BL's on, etc) which > caused the majority of the performance problems. Just to stress this point one more time :-) If you had used the port, this would not have been a problem since the port would have fixed this problem for you. Any particular reason why you choose to do all the work manually? Just interested. Maybe I can improve the port. Regards, JP From mailscanner at mango.zw Wed Feb 8 08:24:07 2006 From: mailscanner at mango.zw (Jim Holland) Date: Wed Feb 8 08:33:43 2006 Subject: Outlook Rich Text Format messages - how to let through? In-Reply-To: <9720CA43F755A148BF65B6618B90CB94126239@magneto.wals.local> Message-ID: On Tue, 7 Feb 2006, Jody Cleveland wrote: > Date: Tue, 7 Feb 2006 14:05:13 -0600 > From: Jody Cleveland > Reply-To: MailScanner discussion > To: mailscanner@lists.mailscanner.info > Subject: Outlook Rich Text Format messages - how to let through? > > I'm running MailScanner ver. 4.50.15 on a redhat 4.0AS server that then > routes to an exchange 2003 server. I recently upgraded to this version > of MailScanner, and I'm noticing these reports from the quarantine: > > MailScanner: No Outlook Rich Text Format messages due to security hole, > use HTML instead (msg-2611-3.txt) I noticed something interesting with the blocking of TNF attachments: When an Outlook Express user complained and I released the message from quarantine it was delivered successfully but the attachment still appeared totally invisible to the OE user. It seems that as OE is incapable of parsing these attachments it ignores them completely. Is this what other people have found? If I am correct, then it is a major benefit to have them blocked so that the recipients can for the first time see what they are missing because of the senders' incompetent MS Outlook configuration. Regards Jim Holland System Administrator MANGO - Zimbabwe's non-profit e-mail service From smf at f2s.com Wed Feb 8 09:18:47 2006 From: smf at f2s.com (Steve Freegard) Date: Wed Feb 8 09:16:29 2006 Subject: Update problems with SQLBlackWhiteList.pm and MS [FIXED] In-Reply-To: <43E93BB8.2050602@rogers.com> References: <43E91FA9.1020903@rogers.com> <43E9253D.2020404@rogers.com> <43E92974.9040102@taz-mania.com> <43E92BEF.8050306@rogers.com> <43E9348D.6050906@rogers.com> <1139358214.16590.99.camel@localhost.localdomain> <43E93BB8.2050602@rogers.com> Message-ID: <1139390327.16590.101.camel@localhost.localdomain> On Tue, 2006-02-07 at 19:30 -0500, Mike Jakubik wrote: > Steve Freegard wrote: > > Hi Mike, > > > > On Tue, 2006-02-07 at 19:00 -0500, Mike Jakubik wrote: > > > >> Thanks for all the help guys (even though most of you misunderstood the > >> problem) but the problem is in the SQLBlakWhiteList.pm file. A variable > >> is not being cleared prior to update, so entries are only being appended > >> to it, until of course the child dies and restarts. > >> > > > > Good catch - I've just read through the code and I think you're on to > > something, please can you try the attached and see if it cures the > > problem for you and let me know. > > Heh, thats the exact same change i made. It tested it, it works fine. Thanks Mike -- I'll correct the version in MailWatch CVS later today. Cheers, Steve. From a.peacock at chime.ucl.ac.uk Wed Feb 8 09:21:33 2006 From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Wed Feb 8 09:21:41 2006 Subject: More 4.50.15 woes on FreeBSD In-Reply-To: <43E92C88.9010303@tulsaconnect.com> References: <001001c62c2e$a3f50760$4101a8c0@martinhlaptop> <43E92C88.9010303@tulsaconnect.com> Message-ID: <43E9B81D.6030209@chime.ucl.ac.uk> Hi, TCIS List Acct wrote: > > > Martin Hepworth wrote: >> Hmm how did you install if you didn't use the install.sh??? ports? > > No. I've always used the .tar.gz and installed by hand. Been doing so > for many years w/o a problem. This is the method I use. When I moved to using MailScanner I already had a working Sendmail server with a working virus scanner and a working install of SpamAssassin. The install script made too many assumptions and messed around with a setup that already worked well and I fully understood. So I used the .tar.gz file and manually installed. Upgrades take a little longer, but I do get to know all of the changes as I work my way through the install. This doesn't take too long for me now, and I much more comfortable doing it this way. If (when?) I ever get around to bringing a new email server up from scratch I will probably use the install.sh script, from the word go, but with my current set up that would just create more problems for me. I would certainly recommend anyone setting up a mailserver for the first time to use the install scripts. All that aside, the way that I check to make sure I have the correct Perl modules installed is this. After extracting the tar.gz file, there is a directory called perl-tar which contains the MailScanner.tar.gz as well as all of the required Perl modules, there is also a script called CheckModuleVersion. CheckModuleVersion can be used to compare the installed module version with the required version. I am also perverse in that I don't use CPAN.pm to install my Perl modules (also habit from many years ago). So I keep a directory with the distributions of the modules installed on my system. So I usually just copy the module .tar.gz files into this directory and do a filename compare, building the ones that are newer. It sounds complicated, but actually is very straight forward, and gives me the confidence that I know what is happening. -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "The most exciting phrase to hear in science, the one that heralds new discoveries, is not 'Eureka!' but 'That's funny....'" -- Isaac Asimov From martinh at solid-state-logic.com Wed Feb 8 09:27:59 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Wed Feb 8 09:28:08 2006 Subject: More 4.50.15 woes on FreeBSD In-Reply-To: <43E92C88.9010303@tulsaconnect.com> Message-ID: <003f01c62c91$f3f2e620$3004010a@martinhlaptop> Hi I'd check which versions the install.sh installs and which versions you've installed. I run exim, FreeBSD 4.9 and do a lot of testing for Julian and apart from a beta glitches rarely get any problems. Have a go at using the install.sh installer, it's really nice to use (almost as nice as the port) and will install required perl modules (with patches) as required. Given JPK's comments earlier I'd start looking at the perl module versions if you're not going to use the suggested install.sh method. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of TCIS List Acct > Sent: 07 February 2006 23:26 > To: MailScanner discussion > Subject: Re: More 4.50.15 woes on FreeBSD > > > > Martin Hepworth wrote: > > Hmm how did you install if you didn't use the install.sh??? ports? > > No. I've always used the .tar.gz and installed by hand. Been doing so > for many years w/o a problem. > > > If you didn't use install.sh or the ports install please use the > install.sh > > version. > > I don't think that is the solution. > > > It will take care of all perl modules etc etc and will allow you to > backout > > very nicely...and yes there are more perl modules to install in order to > use > > the SA cache (SQLLite for one). > > Yes, I've already installed the latest DBI and SQLLite. The problem is > directly related to new code in 4.50.15, as 4.47.x runs perfectly. > > -- > > ----------------------------------------- > Mike Bacher / listacct@tulsaconnect.com > TCIS - TulsaConnect Internet Services > http://www.tulsaconnect.com > ----------------------------------------- > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From martinh at solid-state-logic.com Wed Feb 8 09:30:39 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Wed Feb 8 09:30:51 2006 Subject: More 4.50.15 woes on FreeBSD In-Reply-To: <43E9B81D.6030209@chime.ucl.ac.uk> Message-ID: <004001c62c92$534d73b0$3004010a@martinhlaptop> Mailscanner -v will also help here as well. Here's my output for you to compare with.. # /opt/MailScanner/bin/MailScanner -v Running on FreeBSD .solid-state-logic.com 4.10-RELEASE FreeBSD 4.10-RELEASE #0: Tue May 25 22:47:12 GMT 2004 root@perseus.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386 This is Perl version 5.008005 (5.8.5) This is MailScanner version 4.50.14 Module versions are: 1.00 AnyDBM_File 1.14 Archive::Zip 1.03 Carp 1.119 Convert::BinHex 1.00 DirHandle 1.05 Fcntl 2.73 File::Basename 2.08 File::Copy 2.01 FileHandle 1.06 File::Path 0.16 File::Temp 1.32 HTML::Entities 3.48 HTML::Parser 2.35 HTML::TokeParser 1.21 IO 1.10 IO::File 1.123 IO::Pipe 1.71 Mail::Header 3.05 MIME::Base64 5.419 MIME::Decoder 5.419 MIME::Decoder::UU 5.419 MIME::Head 5.419 MIME::Parser 3.03 MIME::QuotedPrint 5.419 MIME::Tools 0.10 Net::CIDR 1.08 POSIX 1.77 Socket 0.05 Sys::Syslog 1.86 Time::HiRes 1.02 Time::localtime Optional module versions are: 0.17 Convert::TNEF 1.809 DB_File 1.11 DBD::SQLite 1.50 DBI 1.08 Digest 1.01 Digest::HMAC 2.36 Digest::MD5 2.10 Digest::SHA1 0.44 Inline 0.17 Mail::ClamAV 3.001000 Mail::SpamAssassin 1.997 Mail::SPF::Query 0.18 Net::CIDR::Lite 0.48 Net::DNS missing Net::LDAP 1.94 Parse::RecDescent 0.30 SAVI 1.4 Sys::Hostname::Long 2.42 Test::Harness 0.47 Test::Simple 1.95 Text::Balanced 1.35 URI -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Anthony Peacock > Sent: 08 February 2006 09:22 > To: MailScanner discussion > Subject: Re: More 4.50.15 woes on FreeBSD > > Hi, > > TCIS List Acct wrote: > > > > > > Martin Hepworth wrote: > >> Hmm how did you install if you didn't use the install.sh??? ports? > > > > No. I've always used the .tar.gz and installed by hand. Been doing so > > for many years w/o a problem. > > This is the method I use. When I moved to using MailScanner I already > had a working Sendmail server with a working virus scanner and a working > install of SpamAssassin. The install script made too many assumptions > and messed around with a setup that already worked well and I fully > understood. So I used the .tar.gz file and manually installed. > Upgrades take a little longer, but I do get to know all of the changes > as I work my way through the install. This doesn't take too long for me > now, and I much more comfortable doing it this way. If (when?) I ever > get around to bringing a new email server up from scratch I will > probably use the install.sh script, from the word go, but with my > current set up that would just create more problems for me. I would > certainly recommend anyone setting up a mailserver for the first time to > use the install scripts. > > All that aside, the way that I check to make sure I have the correct > Perl modules installed is this. After extracting the tar.gz file, there > is a directory called perl-tar which contains the MailScanner.tar.gz as > well as all of the required Perl modules, there is also a script called > CheckModuleVersion. CheckModuleVersion can be used to compare the > installed module version with the required version. > > I am also perverse in that I don't use CPAN.pm to install my Perl > modules (also habit from many years ago). So I keep a directory with > the distributions of the modules installed on my system. So I usually > just copy the module .tar.gz files into this directory and do a filename > compare, building the ones that are newer. > > It sounds complicated, but actually is very straight forward, and gives > me the confidence that I know what is happening. > > -- > Anthony Peacock > CHIME, Royal Free & University College Medical School > WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ > "The most exciting phrase to hear in science, the one that heralds new > discoveries, is not 'Eureka!' but 'That's funny....'" -- Isaac Asimov > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From nerijus at users.sourceforge.net Wed Feb 8 09:31:39 2006 From: nerijus at users.sourceforge.net (Nerijus Baliunas) Date: Wed Feb 8 09:51:32 2006 Subject: Outlook Rich Text Format messages - how to let through? In-Reply-To: References: Message-ID: <20060208093947.0EA6DC09F@mx.dtiltas.lt> On Wed, 8 Feb 2006 10:24:07 +0200 (CAT) Jim Holland wrote: > I noticed something interesting with the blocking of TNF attachments: When > an Outlook Express user complained and I released the message from > quarantine it was delivered successfully but the attachment still appeared > totally invisible to the OE user. It seems that as OE is incapable of > parsing these attachments it ignores them completely. Is this what other > people have found? Yes, sometimes even Outlook/OE cannot parse winmail.dat and show it as an attachment, but sometimes they can parse it. Regards, Nerijus From glenn.steen at gmail.com Wed Feb 8 11:08:19 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Feb 8 11:08:22 2006 Subject: OT: Shell Script In-Reply-To: <20060207182156.GA26518@bnl.gov> References: <43E8E215.4060702@trayerproducts.com> <20060207182156.GA26518@bnl.gov> Message-ID: <223f97700602080308m3a5e8a2o@mail.gmail.com> On 07/02/06, Tim Sailer wrote: (snip) > for file in `echo *` (snip) Tim, just curious... Why do you go the "long route around" backticks and an echo, just to use the same shell "wildcarding" mechanism as a single "*" would give you? That cannot be necessary... Just use an * and you'll be fine... As in ... for file in * do ... -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From prandal at herefordshire.gov.uk Wed Feb 8 11:10:54 2006 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Wed Feb 8 11:11:16 2006 Subject: symantec scan on MailScanner Message-ID: <86144ED6CE5B004DA23E1EAC0B569B580B0D3CC1@isabella.herefordshire.gov.uk> What platform are you running on? If it's Linux, I'd seriously recommend adding Bitdefender too. It often catches stuff that ClamAV and McAfee don't catch here. My past experience of Symantec is that they were way too slow with their pattern updates, but this may have changed in recent days/weeks/months/years ;-) Cheers, Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Rob Freeman > Sent: 08 February 2006 01:48 > To: MailScanner discussion > Subject: Re: symantec scan on MailScanner > > Alex Neuman van der Hans wrote: > > BDC? > > > > Rob Freeman wrote: > >> Alex Neuman van der Hans wrote: > >>> Which ones do you already have? > >>> > >>> Rob Freeman wrote: > >>>> I was wondering if anyone was using this with > MailScanner. We are > >>>> looking to add another virus scan engine and got a good deal > >>>> through our parent company. > >>>> Thanks in advance > >>>> > >>>> Rob > >>> > >> Currently using clam, f-prot, and avg. We just got > audited, and they > >> wanted us to add one of the " big " vendors to the list. > > > They do not include that on the " big " ones. We work for a > bank and they want something the recognize like mcafee, > Symantec, etc etc. We have not had an email virus in 3 > years, but per the audit they asked for more of a known name > scanner. They gave us a deal on Symantec. The wonders of > working for a big company. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From dhawal at netmagicsolutions.com Wed Feb 8 11:32:22 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Wed Feb 8 11:32:11 2006 Subject: Outlook Rich Text Format messages - how to let through? In-Reply-To: References: <9720CA43F755A148BF65B6618B90CB94126239@magneto.wals.local> Message-ID: <43E9D6C6.9020902@netmagicsolutions.com> Jim Holland wrote: > On Tue, 7 Feb 2006, Jody Cleveland wrote: > >> Date: Tue, 7 Feb 2006 14:05:13 -0600 >> From: Jody Cleveland >> Reply-To: MailScanner discussion >> To: mailscanner@lists.mailscanner.info >> Subject: Outlook Rich Text Format messages - how to let through? >> >> I'm running MailScanner ver. 4.50.15 on a redhat 4.0AS server that then >> routes to an exchange 2003 server. I recently upgraded to this version >> of MailScanner, and I'm noticing these reports from the quarantine: >> >> MailScanner: No Outlook Rich Text Format messages due to security hole, >> use HTML instead (msg-2611-3.txt) > > I noticed something interesting with the blocking of TNF attachments: When > an Outlook Express user complained and I released the message from > quarantine it was delivered successfully but the attachment still appeared > totally invisible to the OE user. It seems that as OE is incapable of > parsing these attachments it ignores them completely. Is this what other > people have found? If I am correct, then it is a major benefit to have > them blocked so that the recipients can for the first time see what they > are missing because of the senders' incompetent MS Outlook configuration. I vaguely remember someone (on this list or some other list) writing a utility to extract tnef (winmail.dat) and re-attach them as normal attachments. Let me see if i can dig it out. - dhawal > Regards > > Jim Holland > System Administrator > MANGO - Zimbabwe's non-profit e-mail service From glenn.steen at gmail.com Wed Feb 8 11:34:11 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Feb 8 11:34:16 2006 Subject: symantec scan on MailScanner In-Reply-To: <43E94DCF.70803@robhq.com> References: <43E91E5E.10704@robhq.com> <43E9395E.6010207@nkpanama.com> <43E93D4C.2020201@robhq.com> <43E94710.40906@nkpanama.com> <43E94DCF.70803@robhq.com> Message-ID: <223f97700602080334h7b638e78m@mail.gmail.com> On 08/02/06, Rob Freeman wrote: > Alex Neuman van der Hans wrote: > > BDC? > > > > Rob Freeman wrote: > >> Alex Neuman van der Hans wrote: > >>> Which ones do you already have? > >>> > >>> Rob Freeman wrote: > >>>> I was wondering if anyone was using this with MailScanner. We are > >>>> looking to add another virus scan engine and got a good deal > >>>> through our parent company. > >>>> Thanks in advance > >>>> > >>>> Rob > >>> > >> Currently using clam, f-prot, and avg. We just got audited, and they > >> wanted us to add one of the " big " vendors to the list. > > > They do not include that on the " big " ones. We work for a bank and > they want something the recognize like mcafee, Symantec, etc etc. We > have not had an email virus in 3 years, but per the audit they asked for > more of a known name scanner. They gave us a deal on Symantec. The > wonders of working for a big company. For the love of... Why on earth should you choose one of the worst performers when it comes to updates? Even McAfee is (mostly) better.... At least in my experience... I work in the financial sector (sort of) too. We happened to have a site license on McAfee, so that got included alongside BitDefender an ClamAV (which is our "primary email AV", simply by dint of catching most viruses), so ... that's OK. But the value it adds is limited (still, the relatively few times it's been the "sole detector", I've been glad to have it:-). I'd advice you to look at what you have on your workstations, You might be able to use that at low/no cost. But the whole "auditing, then offering" thing is a bit smelly, don't you think? Sounds to me like a pure racketeering thing "... you need OUR product too to be safe...". One wonders what their cut is;-). If you are to add anything, BitDefender is a better fit (You could argue that f-prot and avg are "big enough", and that McAfee, Trend, Symantec and the rest aren't really worth your while). But then ... I sense a PHB here, somewhere:-):-) Perhaps your options are limited by ... policy? -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From dhawal at netmagicsolutions.com Wed Feb 8 11:43:44 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Wed Feb 8 11:44:07 2006 Subject: possible fraud attempt and phising on my mail logs In-Reply-To: <20060208103434.31448.qmail@web35615.mail.mud.yahoo.com> References: <20060208103434.31448.qmail@web35615.mail.mud.yahoo.com> Message-ID: <43E9D970.4030502@netmagicsolutions.com> spart cus wrote: > hi guys, > found this logs on my mail server about possible fraud attempt and phising. > is this normal ? > > Found ip-based phishing fraud from 10.2.0.0 > Found ip-based phishing fraud from 255.255.255.255 > Found ip-based phishing fraud from 10.1.0.0 > Found ip-based phishing fraud from 255.255.255.255 > > . *MailScanner has detected a possible fraud attempt from "ee.ee.ee.ee" > claiming to be* *MailScanner warning: numerical links are often > malicious: ee.ee.ee.ee* [SNIP] This is quite normal. It can be controlled using the "Also Find Numeric Phishing" parameter in MailScanner.conf - dhawal From linux_spartacus at yahoo.com Wed Feb 8 11:58:57 2006 From: linux_spartacus at yahoo.com (spart cus) Date: Wed Feb 8 11:59:01 2006 Subject: possible fraud attempt and phising on my mail logs In-Reply-To: <43E9D970.4030502@netmagicsolutions.com> Message-ID: <20060208115857.55909.qmail@web35609.mail.mud.yahoo.com> Dhawal Doshy wrote: spart cus wrote: > hi guys, > found this logs on my mail server about possible fraud attempt and phising. > is this normal ? > > Found ip-based phishing fraud from 10.2.0.0 > Found ip-based phishing fraud from 255.255.255.255 > Found ip-based phishing fraud from 10.1.0.0 > Found ip-based phishing fraud from 255.255.255.255 > > . *MailScanner has detected a possible fraud attempt from "ee.ee.ee.ee" > claiming to be* *MailScanner warning: numerical links are often > malicious: ee.ee.ee.ee* [SNIP] This is quite normal. It can be controlled using the "Also Find Numeric Phishing" parameter in MailScanner.conf - dhawal -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! can i disable this one? or its better the way it is. coz i checked at the mail and it contains lots of links and some router configurations wherein ip addresses are present. --------------------------------- Brings words and photos together (easily) with PhotoMail - it's free and works with Yahoo! Mail. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060208/902b459d/attachment-0001.html From rob at robhq.com Wed Feb 8 12:21:13 2006 From: rob at robhq.com (rob) Date: Wed Feb 8 12:17:09 2006 Subject: symantec scan on MailScanner In-Reply-To: <223f97700602080334h7b638e78m@mail.gmail.com> References: <43E91E5E.10704@robhq.com> <43E9395E.6010207@nkpanama.com> <43E93D4C.2020201@robhq.com> <43E94710.40906@nkpanama.com> <43E94DCF.70803@robhq.com> <223f97700602080334h7b638e78m@mail.gmail.com> Message-ID: <20060208121646.M80252@robhq.com> On Wed, 8 Feb 2006 12:34:11 +0100, Glenn Steen wrote > On 08/02/06, Rob Freeman wrote: > > Alex Neuman van der Hans wrote: > > > BDC? > > > > > > Rob Freeman wrote: > > >> Alex Neuman van der Hans wrote: > > >>> Which ones do you already have? > > >>> > > >>> Rob Freeman wrote: > > >>>> I was wondering if anyone was using this with MailScanner. We are > > >>>> looking to add another virus scan engine and got a good deal > > >>>> through our parent company. > > >>>> Thanks in advance > > >>>> > > >>>> Rob > > >>> > > >> Currently using clam, f-prot, and avg. We just got audited, and they > > >> wanted us to add one of the " big " vendors to the list. > > > > > They do not include that on the " big " ones. We work for a bank and > > they want something the recognize like mcafee, Symantec, etc etc. We > > have not had an email virus in 3 years, but per the audit they asked for > > more of a known name scanner. They gave us a deal on Symantec. The > > wonders of working for a big company. > > For the love of... Why on earth should you choose one of the worst > performers when it comes to updates? Even McAfee is (mostly) > better.... At least in my experience... > I work in the financial sector (sort of) too. We happened to have a > site license on McAfee, so that got included alongside BitDefender an > ClamAV (which is our "primary email AV", simply by dint of catching > most viruses), so ... that's OK. But the value it adds is limited > (still, the relatively few times it's been the "sole detector", I've > been glad to have it:-). > > I'd advice you to look at what you have on your workstations, You > might be able to use that at low/no cost. > > But the whole "auditing, then offering" thing is a bit smelly, don't you think? > Sounds to me like a pure racketeering thing "... you need OUR product > too to be safe...". One wonders what their cut is;-). > > If you are to add anything, BitDefender is a better fit (You could > argue that f-prot and avg are "big enough", and that McAfee, Trend, > Symantec and the rest aren't really worth your while). > > But then ... I sense a PHB here, somewhere:-):-) Perhaps your options > are limited by ... policy? > > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. Oh I agree, I am not a fan of anything norton, but was asked by the allmighty bank to add something they understand. The joys of big buisness. We have used AVG here on workstations and servers since 1999 with very good success. They were a little iffy on us using that. I will see if I can convince them about us adding bitdefender instead, but have a feeling they will balk. The other one we mentioned and they seemed ok with was sophos. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From dhawal at netmagicsolutions.com Wed Feb 8 12:18:27 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Wed Feb 8 12:18:16 2006 Subject: possible fraud attempt and phising on my mail logs In-Reply-To: <20060208115857.55909.qmail@web35609.mail.mud.yahoo.com> References: <20060208115857.55909.qmail@web35609.mail.mud.yahoo.com> Message-ID: <43E9E193.2090006@netmagicsolutions.com> spart cus wrote: > */Dhawal Doshy /* wrote: > spart cus wrote: > > hi guys, > > found this logs on my mail server about possible fraud attempt > and phising. > > is this normal ? > > > > Found ip-based phishing fraud from 10.2.0.0 > > Found ip-based phishing fraud from 255.255.255.255 > > Found ip-based phishing fraud from 10.1.0.0 > > Found ip-based phishing fraud from 255.255.255.255 > > > > . *MailScanner has detected a possible fraud attempt from > "ee.ee.ee.ee" > > claiming to be* *MailScanner warning: numerical links are often > > malicious: ee.ee.ee.ee* > > [SNIP] > > This is quite normal. It can be controlled using the "Also Find Numeric > Phishing" parameter in MailScanner.conf > > - dhawal > > can i disable this one? or its better the way it is. coz i checked at > the mail and it contains lots of links and some router configurations > wherein ip addresses are present. Most options in MailScanner.conf can be set to 'yes', 'no' or a ruleset. To completely disable, use: Also Find Numeric Phishing = no To use a ruleset, use: Also Find Numeric Phishing = %rules-dir%/find.numeric.phishing.rules i recommend that you read the wiki (wiki.mailscanner.info) OR better, buy the mailscanner book. - dhawal From linux_spartacus at yahoo.com Wed Feb 8 12:31:29 2006 From: linux_spartacus at yahoo.com (spart cus) Date: Wed Feb 8 12:31:31 2006 Subject: possible fraud attempt and phising on my mail logs In-Reply-To: <43E9E193.2090006@netmagicsolutions.com> Message-ID: <20060208123129.69411.qmail@web35612.mail.mud.yahoo.com> --- Dhawal Doshy wrote: > spart cus wrote: > > */Dhawal Doshy /* > wrote: > > spart cus wrote: > > > hi guys, > > > found this logs on my mail server about > possible fraud attempt > > and phising. > > > is this normal ? > > > > > > Found ip-based phishing fraud from 10.2.0.0 > > > Found ip-based phishing fraud from > 255.255.255.255 > > > Found ip-based phishing fraud from 10.1.0.0 > > > Found ip-based phishing fraud from > 255.255.255.255 > > > > > > . *MailScanner has detected a possible > fraud attempt from > > "ee.ee.ee.ee" > > > claiming to be* *MailScanner warning: > numerical links are often > > > malicious: ee.ee.ee.ee* > > > > [SNIP] > > > > This is quite normal. It can be controlled > using the "Also Find Numeric > > Phishing" parameter in MailScanner.conf > > > > - dhawal > > > > can i disable this one? or its better the way it > is. coz i checked at > > the mail and it contains lots of links and some > router configurations > > wherein ip addresses are present. > > Most options in MailScanner.conf can be set to > 'yes', 'no' or a ruleset. > > To completely disable, use: > Also Find Numeric Phishing = no > > To use a ruleset, use: > Also Find Numeric Phishing = > %rules-dir%/find.numeric.phishing.rules > > i recommend that you read the wiki > (wiki.mailscanner.info) OR better, > buy the mailscanner book. > > - dhawal > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read > http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off > the website! > tnx for all the help.i do want to buy the book but dont have the money. is there any available pdf's for that ? it would be a great help here in our community for that. Godbless. __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com From glenn.steen at gmail.com Wed Feb 8 12:47:58 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Feb 8 12:48:02 2006 Subject: symantec scan on MailScanner In-Reply-To: <20060208121646.M80252@robhq.com> References: <43E91E5E.10704@robhq.com> <43E9395E.6010207@nkpanama.com> <43E93D4C.2020201@robhq.com> <43E94710.40906@nkpanama.com> <43E94DCF.70803@robhq.com> <223f97700602080334h7b638e78m@mail.gmail.com> <20060208121646.M80252@robhq.com> Message-ID: <223f97700602080447r73a22bd9l@mail.gmail.com> On 08/02/06, rob wrote: > On Wed, 8 Feb 2006 12:34:11 +0100, Glenn Steen wrote >(snip) > > For the love of... Why on earth should you choose one of the worst > > performers when it comes to updates? Even McAfee is (mostly) > > better.... At least in my experience... > > I work in the financial sector (sort of) too. We happened to have a > > site license on McAfee, so that got included alongside BitDefender an > > ClamAV (which is our "primary email AV", simply by dint of catching > > most viruses), so ... that's OK. But the value it adds is limited > > (still, the relatively few times it's been the "sole detector", I've > > been glad to have it:-). > > > > I'd advice you to look at what you have on your workstations, You > > might be able to use that at low/no cost. > > > > But the whole "auditing, then offering" thing is a bit smelly, don't you think? > > Sounds to me like a pure racketeering thing "... you need OUR product > > too to be safe...". One wonders what their cut is;-). > > > > If you are to add anything, BitDefender is a better fit (You could > > argue that f-prot and avg are "big enough", and that McAfee, Trend, > > Symantec and the rest aren't really worth your while). > > > > But then ... I sense a PHB here, somewhere:-):-) Perhaps your options > > are limited by ... policy? (snip) > > Oh I agree, I am not a fan of anything norton, but was asked by the allmighty bank to > add something they understand. The joys of big buisness. We have used AVG here on > workstations and servers since 1999 with very good success. They were a little iffy on > us using that. I will see if I can convince them about us adding bitdefender instead, > but have a feeling they will balk. The other one we mentioned and they seemed ok with > was sophos. > Sophos is interresting, since you could go with the "no fork penalty" SAVI perl module. Haven't used it myself, but there are quite a few on the list who will (not only swear at it, but actually:) by it. Good luck -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From listacct at tulsaconnect.com Wed Feb 8 13:03:33 2006 From: listacct at tulsaconnect.com (TCIS List Acct) Date: Wed Feb 8 13:03:37 2006 Subject: 4.50.15 - Big problems on FreeBSD / exim In-Reply-To: References: Message-ID: <43E9EC25.3080401@tulsaconnect.com> Koopmann, Jan-Peter wrote: > Just to stress this point one more time :-) If you had used the port, > this would not have been a problem since the port would have fixed this > problem for you. Any particular reason why you choose to do all the work > manually? Just interested. Maybe I can improve the port. > > Regards, > JP Mainly because I've been installing it this way for years, long before the port existed :-) I'm not opposed to trying the port, but I am still very curious as to what the real issue is -- I suspect I am 98% current on all Perl modules (will be checking in a second). -- ----------------------------------------- Mike Bacher / listacct@tulsaconnect.com TCIS - TulsaConnect Internet Services http://www.tulsaconnect.com ----------------------------------------- From listacct at tulsaconnect.com Wed Feb 8 13:04:32 2006 From: listacct at tulsaconnect.com (TCIS List Acct) Date: Wed Feb 8 13:04:34 2006 Subject: More 4.50.15 woes on FreeBSD In-Reply-To: <43E9B81D.6030209@chime.ucl.ac.uk> References: <001001c62c2e$a3f50760$4101a8c0@martinhlaptop> <43E92C88.9010303@tulsaconnect.com> <43E9B81D.6030209@chime.ucl.ac.uk> Message-ID: <43E9EC60.2020404@tulsaconnect.com> Anthony Peacock wrote: > This is the method I use. When I moved to using MailScanner I already > had a working Sendmail server with a working virus scanner and a working > install of SpamAssassin. The install script made too many assumptions > and messed around with a setup that already worked well and I fully > understood. So I used the .tar.gz file and manually installed. Upgrades > take a little longer, but I do get to know all of the changes as I work > my way through the install. This doesn't take too long for me now, and > I much more comfortable doing it this way. If (when?) I ever get around > to bringing a new email server up from scratch I will probably use the > install.sh script, from the word go, but with my current set up that > would just create more problems for me. I would certainly recommend > anyone setting up a mailserver for the first time to use the install > scripts. > > All that aside, the way that I check to make sure I have the correct > Perl modules installed is this. After extracting the tar.gz file, there > is a directory called perl-tar which contains the MailScanner.tar.gz as > well as all of the required Perl modules, there is also a script called > CheckModuleVersion. CheckModuleVersion can be used to compare the > installed module version with the required version. > > I am also perverse in that I don't use CPAN.pm to install my Perl > modules (also habit from many years ago). So I keep a directory with > the distributions of the modules installed on my system. So I usually > just copy the module .tar.gz files into this directory and do a filename > compare, building the ones that are newer. > > It sounds complicated, but actually is very straight forward, and gives > me the confidence that I know what is happening. > Couldn't have said it better myself. -- ----------------------------------------- Mike Bacher / listacct@tulsaconnect.com TCIS - TulsaConnect Internet Services http://www.tulsaconnect.com ----------------------------------------- From listacct at tulsaconnect.com Wed Feb 8 13:06:46 2006 From: listacct at tulsaconnect.com (TCIS List Acct) Date: Wed Feb 8 13:06:49 2006 Subject: More 4.50.15 woes on FreeBSD In-Reply-To: <004001c62c92$534d73b0$3004010a@martinhlaptop> References: <004001c62c92$534d73b0$3004010a@martinhlaptop> Message-ID: <43E9ECE6.6000605@tulsaconnect.com> Martin Hepworth wrote: > Mailscanner -v will also help here as well. Perfect -- didn't know about -v. > Here's my output for you to compare with.. > > # /opt/MailScanner/bin/MailScanner -v > Running on > FreeBSD .solid-state-logic.com 4.10-RELEASE FreeBSD 4.10-RELEASE #0: > Tue May 25 22:47:12 GMT 2004 > root@perseus.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386 > This is Perl version 5.008005 (5.8.5) > > This is MailScanner version 4.50.14 > Module versions are: > 1.00 AnyDBM_File > 1.14 Archive::Zip > 1.03 Carp > 1.119 Convert::BinHex > 1.00 DirHandle > 1.05 Fcntl > 2.73 File::Basename > 2.08 File::Copy > 2.01 FileHandle > 1.06 File::Path > 0.16 File::Temp > 1.32 HTML::Entities > 3.48 HTML::Parser > 2.35 HTML::TokeParser > 1.21 IO > 1.10 IO::File > 1.123 IO::Pipe > 1.71 Mail::Header > 3.05 MIME::Base64 > 5.419 MIME::Decoder > 5.419 MIME::Decoder::UU > 5.419 MIME::Head > 5.419 MIME::Parser > 3.03 MIME::QuotedPrint > 5.419 MIME::Tools > 0.10 Net::CIDR > 1.08 POSIX > 1.77 Socket > 0.05 Sys::Syslog > 1.86 Time::HiRes > 1.02 Time::localtime > > Optional module versions are: > 0.17 Convert::TNEF > 1.809 DB_File > 1.11 DBD::SQLite > 1.50 DBI > 1.08 Digest > 1.01 Digest::HMAC > 2.36 Digest::MD5 > 2.10 Digest::SHA1 > 0.44 Inline > 0.17 Mail::ClamAV > 3.001000 Mail::SpamAssassin > 1.997 Mail::SPF::Query > 0.18 Net::CIDR::Lite > 0.48 Net::DNS > missing Net::LDAP > 1.94 Parse::RecDescent > 0.30 SAVI > 1.4 Sys::Hostname::Long > 2.42 Test::Harness > 0.47 Test::Simple > 1.95 Text::Balanced > 1.35 URI > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 Here is mine: Running on FreeBSD mx4.tulsaconnect.com 4.9-RELEASE FreeBSD 4.9-RELEASE #0: Thu Mar 11 04:23:52 CST 2004 mikeb@mx4.tulsaconnect.com:/usr/src/sys/compile/MIKEB i386 This is Perl version 5.008002 (5.8.2) This is MailScanner version 4.50.15 Module versions are: 1.00 AnyDBM_File 1.16 Archive::Zip 1.01 Carp 1.119 Convert::BinHex 1.00 DirHandle 1.05 Fcntl 2.72 File::Basename 2.06 File::Copy 2.01 FileHandle 1.06 File::Path 0.16 File::Temp 1.32 HTML::Entities 3.46 HTML::Parser 2.31 HTML::TokeParser 1.21 IO 1.10 IO::File 1.122 IO::Pipe 1.67 Mail::Header 3.05 MIME::Base64 5.418 MIME::Decoder 5.418 MIME::Decoder::UU 5.418 MIME::Head 5.418 MIME::Parser 3.03 MIME::QuotedPrint 5.418 MIME::Tools 0.11 Net::CIDR 1.06 POSIX 1.76 Socket 0.04 Sys::Syslog 1.52 Time::HiRes 1.02 Time::localtime Optional module versions are: 0.17 Convert::TNEF 1.807 DB_File 1.11 DBD::SQLite 1.50 DBI 1.05 Digest 1.01 Digest::HMAC 2.33 Digest::MD5 2.10 Digest::SHA1 missing Inline missing Mail::ClamAV 3.001000 Mail::SpamAssassin missing Mail::SPF::Query missing Net::CIDR::Lite 0.48 Net::DNS missing Net::LDAP missing Parse::RecDescent missing SAVI missing Sys::Hostname::Long 2.30 Test::Harness 0.47 Test::Simple 1.95 Text::Balanced 1.30 URI Any red flags? -- ----------------------------------------- Mike Bacher / listacct@tulsaconnect.com TCIS - TulsaConnect Internet Services http://www.tulsaconnect.com ----------------------------------------- From martinh at solid-state-logic.com Wed Feb 8 13:35:02 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Wed Feb 8 13:35:26 2006 Subject: More 4.50.15 woes on FreeBSD In-Reply-To: <43E9ECE6.6000605@tulsaconnect.com> Message-ID: <002401c62cb4$78784080$3004010a@martinhlaptop> I vaguely remember something about various Perl module updates in the past and a quick look at the changelog reveals the install.sh will install a new HTML::Parser. Not sure about why the MIME:: modules are later on my system too, again I seem to remember something but in this case I can't find anything obvious in the change log. I'd start with these two and see if upgrading helps.... and work down the list on the other differences.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of TCIS List Acct > Sent: 08 February 2006 13:07 > To: MailScanner discussion > Subject: Re: More 4.50.15 woes on FreeBSD > > > > Martin Hepworth wrote: > > Mailscanner -v will also help here as well. > > Perfect -- didn't know about -v. > > > Here's my output for you to compare with.. > > > > # /opt/MailScanner/bin/MailScanner -v > > Running on > > FreeBSD .solid-state-logic.com 4.10-RELEASE FreeBSD 4.10-RELEASE > #0: > > Tue May 25 22:47:12 GMT 2004 > > root@perseus.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386 > > This is Perl version 5.008005 (5.8.5) > > > > This is MailScanner version 4.50.14 > > Module versions are: > > 1.00 AnyDBM_File > > 1.14 Archive::Zip > > 1.03 Carp > > 1.119 Convert::BinHex > > 1.00 DirHandle > > 1.05 Fcntl > > 2.73 File::Basename > > 2.08 File::Copy > > 2.01 FileHandle > > 1.06 File::Path > > 0.16 File::Temp > > 1.32 HTML::Entities > > 3.48 HTML::Parser > > 2.35 HTML::TokeParser > > 1.21 IO > > 1.10 IO::File > > 1.123 IO::Pipe > > 1.71 Mail::Header > > 3.05 MIME::Base64 > > 5.419 MIME::Decoder > > 5.419 MIME::Decoder::UU > > 5.419 MIME::Head > > 5.419 MIME::Parser > > 3.03 MIME::QuotedPrint > > 5.419 MIME::Tools > > 0.10 Net::CIDR > > 1.08 POSIX > > 1.77 Socket > > 0.05 Sys::Syslog > > 1.86 Time::HiRes > > 1.02 Time::localtime > > > > Optional module versions are: > > 0.17 Convert::TNEF > > 1.809 DB_File > > 1.11 DBD::SQLite > > 1.50 DBI > > 1.08 Digest > > 1.01 Digest::HMAC > > 2.36 Digest::MD5 > > 2.10 Digest::SHA1 > > 0.44 Inline > > 0.17 Mail::ClamAV > > 3.001000 Mail::SpamAssassin > > 1.997 Mail::SPF::Query > > 0.18 Net::CIDR::Lite > > 0.48 Net::DNS > > missing Net::LDAP > > 1.94 Parse::RecDescent > > 0.30 SAVI > > 1.4 Sys::Hostname::Long > > 2.42 Test::Harness > > 0.47 Test::Simple > > 1.95 Text::Balanced > > 1.35 URI > > > > -- > > Martin Hepworth > > Snr Systems Administrator > > Solid State Logic > > Tel: +44 (0)1865 842300 > > Here is mine: > > Running on > FreeBSD mx4.tulsaconnect.com 4.9-RELEASE FreeBSD 4.9-RELEASE #0: Thu Mar > 11 > 04:23:52 CST 2004 > mikeb@mx4.tulsaconnect.com:/usr/src/sys/compile/MIKEB i386 > This is Perl version 5.008002 (5.8.2) > > This is MailScanner version 4.50.15 > Module versions are: > 1.00 AnyDBM_File > 1.16 Archive::Zip > 1.01 Carp > 1.119 Convert::BinHex > 1.00 DirHandle > 1.05 Fcntl > 2.72 File::Basename > 2.06 File::Copy > 2.01 FileHandle > 1.06 File::Path > 0.16 File::Temp > 1.32 HTML::Entities > 3.46 HTML::Parser > 2.31 HTML::TokeParser > 1.21 IO > 1.10 IO::File > 1.122 IO::Pipe > 1.67 Mail::Header > 3.05 MIME::Base64 > 5.418 MIME::Decoder > 5.418 MIME::Decoder::UU > 5.418 MIME::Head > 5.418 MIME::Parser > 3.03 MIME::QuotedPrint > 5.418 MIME::Tools > 0.11 Net::CIDR > 1.06 POSIX > 1.76 Socket > 0.04 Sys::Syslog > 1.52 Time::HiRes > 1.02 Time::localtime > > Optional module versions are: > 0.17 Convert::TNEF > 1.807 DB_File > 1.11 DBD::SQLite > 1.50 DBI > 1.05 Digest > 1.01 Digest::HMAC > 2.33 Digest::MD5 > 2.10 Digest::SHA1 > missing Inline > missing Mail::ClamAV > 3.001000 Mail::SpamAssassin > missing Mail::SPF::Query > missing Net::CIDR::Lite > 0.48 Net::DNS > missing Net::LDAP > missing Parse::RecDescent > missing SAVI > missing Sys::Hostname::Long > 2.30 Test::Harness > 0.47 Test::Simple > 1.95 Text::Balanced > 1.30 URI > > Any red flags? > > -- > > ----------------------------------------- > Mike Bacher / listacct@tulsaconnect.com > TCIS - TulsaConnect Internet Services > http://www.tulsaconnect.com > ----------------------------------------- > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From prandal at herefordshire.gov.uk Wed Feb 8 13:52:49 2006 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Wed Feb 8 13:53:38 2006 Subject: symantec scan on MailScanner Message-ID: <86144ED6CE5B004DA23E1EAC0B569B580B0D3D2E@isabella.herefordshire.gov.uk> Play it safe. Add Bitdefender as well, not instead... And then gather the stats and see if Symantec catches nothing the that the others do. Cheers, Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of rob > Sent: 08 February 2006 12:21 > To: MailScanner discussion > Subject: Re: symantec scan on MailScanner > > On Wed, 8 Feb 2006 12:34:11 +0100, Glenn Steen wrote > > On 08/02/06, Rob Freeman wrote: > > > Alex Neuman van der Hans wrote: > > > > BDC? > > > > > > > > Rob Freeman wrote: > > > >> Alex Neuman van der Hans wrote: > > > >>> Which ones do you already have? > > > >>> > > > >>> Rob Freeman wrote: > > > >>>> I was wondering if anyone was using this with > MailScanner. We > > > >>>> are looking to add another virus scan engine and got a good > > > >>>> deal through our parent company. > > > >>>> Thanks in advance > > > >>>> > > > >>>> Rob > > > >>> > > > >> Currently using clam, f-prot, and avg. We just got > audited, and > > > >> they wanted us to add one of the " big " vendors to the list. > > > > > > > They do not include that on the " big " ones. We work for a bank > > > and they want something the recognize like mcafee, Symantec, etc > > > etc. We have not had an email virus in 3 years, but per > the audit > > > they asked for more of a known name scanner. They gave > us a deal on > > > Symantec. The wonders of working for a big company. > > > > For the love of... Why on earth should you choose one of the worst > > performers when it comes to updates? Even McAfee is (mostly) > > better.... At least in my experience... > > I work in the financial sector (sort of) too. We happened to have a > > site license on McAfee, so that got included alongside > BitDefender an > > ClamAV (which is our "primary email AV", simply by dint of catching > > most viruses), so ... that's OK. But the value it adds is limited > > (still, the relatively few times it's been the "sole > detector", I've > > been glad to have it:-). > > > > I'd advice you to look at what you have on your workstations, You > > might be able to use that at low/no cost. > > > > But the whole "auditing, then offering" thing is a bit > smelly, don't you think? > > Sounds to me like a pure racketeering thing "... you need > OUR product > > too to be safe...". One wonders what their cut is;-). > > > > If you are to add anything, BitDefender is a better fit (You could > > argue that f-prot and avg are "big enough", and that McAfee, Trend, > > Symantec and the rest aren't really worth your while). > > > > But then ... I sense a PHB here, somewhere:-):-) Perhaps > your options > > are limited by ... policy? > > > > -- > > -- Glenn > > email: glenn < dot > steen < at > gmail < dot > com > > work: glenn < dot > steen < at > ap1 < dot > se > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > -- > > This message has been scanned for viruses and dangerous content by > > MailScanner, and is believed to be clean. > > Oh I agree, I am not a fan of anything norton, but was asked > by the allmighty bank to add something they understand. The > joys of big buisness. We have used AVG here on workstations > and servers since 1999 with very good success. They were a > little iffy on us using that. I will see if I can convince > them about us adding bitdefender instead, but have a feeling > they will balk. The other one we mentioned and they seemed > ok with was sophos. > > -- > This message has been scanned for viruses and dangerous > content by MailScanner, and is believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From steve.swaney at fsl.com Wed Feb 8 13:57:10 2006 From: steve.swaney at fsl.com (Stephen Swaney) Date: Wed Feb 8 13:57:12 2006 Subject: possible fraud attempt and phising on my mail logs In-Reply-To: <20060208123129.69411.qmail@web35612.mail.mud.yahoo.com> Message-ID: <200602081357.k18DvAC3006060@bkserver.blacknight.ie> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of spart cus > Sent: Wednesday, February 08, 2006 7:31 AM > To: MailScanner discussion > Subject: Re: possible fraud attempt and phising on my mail logs > > > > --- Dhawal Doshy wrote: > > > spart cus wrote: > > > */Dhawal Doshy /* > > wrote: > > > spart cus wrote: > > > > hi guys, > > > > found this logs on my mail server about > > possible fraud attempt > > > and phising. > > > > is this normal ? > > > > > > > > Found ip-based phishing fraud from 10.2.0.0 > > > > Found ip-based phishing fraud from > > 255.255.255.255 > > > > Found ip-based phishing fraud from 10.1.0.0 > > > > Found ip-based phishing fraud from > > 255.255.255.255 > > > > > > > > . *MailScanner has detected a possible > > fraud attempt from > > > "ee.ee.ee.ee" > > > > claiming to be* *MailScanner warning: > > numerical links are often > > > > malicious: ee.ee.ee.ee* > > > > > > [SNIP] > > > > > > This is quite normal. It can be controlled > > using the "Also Find Numeric > > > Phishing" parameter in MailScanner.conf > > > > > > - dhawal > > > > > > can i disable this one? or its better the way it > > is. coz i checked at > > > the mail and it contains lots of links and some > > router configurations > > > wherein ip addresses are present. > > > > Most options in MailScanner.conf can be set to > > 'yes', 'no' or a ruleset. > > > > To completely disable, use: > > Also Find Numeric Phishing = no > > > > To use a ruleset, use: > > Also Find Numeric Phishing = > > %rules-dir%/find.numeric.phishing.rules > > > > i recommend that you read the wiki > > (wiki.mailscanner.info) OR better, > > buy the mailscanner book. > > > > - dhawal > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read > > http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off > > the website! > > > tnx for all the help.i do want to buy the book but > dont have the money. is there any available pdf's for > that ? it would be a great help here in our community > for that. Godbless. There is a free PDF download of the Basic MailScanner manual available at our site: http://www.fsl.com/support.html And click on MailScanner Manual. It's almost 100 pages and only up to date for version MailScanner version 4.45 but will cover all the basics. Hope this helps, Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com From sailer at bnl.gov Wed Feb 8 13:58:44 2006 From: sailer at bnl.gov (Tim Sailer) Date: Wed Feb 8 13:58:53 2006 Subject: OT: Shell Script In-Reply-To: <223f97700602080308m3a5e8a2o@mail.gmail.com> References: <43E8E215.4060702@trayerproducts.com> <20060207182156.GA26518@bnl.gov> <223f97700602080308m3a5e8a2o@mail.gmail.com> Message-ID: <20060208135844.GA13896@bnl.gov> On Wed, Feb 08, 2006 at 12:08:19PM +0100, Glenn Steen wrote: > On 07/02/06, Tim Sailer wrote: > (snip) > > for file in `echo *` > (snip) > Tim, just curious... Why do you go the "long route around" backticks > and an echo, just to use the same shell "wildcarding" mechanism as a > single "*" would give you? > That cannot be necessary... Just use an * and you'll be fine... As in > ... > for file in * > do Well, yes, for the most part. I guess I'm just showing my age, unix-wise. Back in the good old days with the standard Bourne shell, globbing didn't quite work like the present. Plus, * by itself means a lot of things to the shells. Evaling the results of the 'echo -n' and '-n' by itself may have different results, if a file was created with the name '-n'. Habit, I guess. After all these years, that sequence just flows off my fingertips... Tim -- Tim Sailer Information and Special Technologies Program Northeast Regional Counterintelligence Office Brookhaven National Laboratory (631) 344-3001 From listacct at tulsaconnect.com Wed Feb 8 14:08:13 2006 From: listacct at tulsaconnect.com (TCIS List Acct) Date: Wed Feb 8 14:08:16 2006 Subject: More 4.50.15 woes on FreeBSD In-Reply-To: <002401c62cb4$78784080$3004010a@martinhlaptop> References: <002401c62cb4$78784080$3004010a@martinhlaptop> Message-ID: <43E9FB4D.6040402@tulsaconnect.com> Martin Hepworth wrote: > I vaguely remember something about various Perl module updates in the past > and a quick look at the changelog reveals the install.sh will install a new > HTML::Parser. > > Not sure about why the MIME:: modules are later on my system too, again I > seem to remember something but in this case I can't find anything obvious in > the change log. > > I'd start with these two and see if upgrading helps.... and work down the > list on the other differences.. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 Ok, I updated all Perl modules to the level of your system or newer (with the exceptions of the modules installed by Perl itself), with the same results: This is Perl version 5.008002 (5.8.2) This is MailScanner version 4.50.15 Module versions are: 1.00 AnyDBM_File 1.16 Archive::Zip 1.01 Carp 1.119 Convert::BinHex 1.00 DirHandle 1.05 Fcntl 2.72 File::Basename 2.06 File::Copy 2.01 FileHandle 1.06 File::Path 0.16 File::Temp 1.32 HTML::Entities 3.48 HTML::Parser 2.35 HTML::TokeParser 1.22 IO 1.13 IO::File 1.13 IO::Pipe 1.73 Mail::Header 3.05 MIME::Base64 5.419 MIME::Decoder 5.419 MIME::Decoder::UU 5.419 MIME::Head 5.419 MIME::Parser 3.03 MIME::QuotedPrint 5.419 MIME::Tools 0.11 Net::CIDR 1.06 POSIX 1.76 Socket 0.04 Sys::Syslog 1.86 Time::HiRes 1.02 Time::localtime Optional module versions are: 0.17 Convert::TNEF 1.807 DB_File 1.11 DBD::SQLite 1.50 DBI 1.05 Digest 1.01 Digest::HMAC 2.33 Digest::MD5 2.10 Digest::SHA1 0.44 Inline missing Mail::ClamAV 3.001000 Mail::SpamAssassin 1.998 Mail::SPF::Query 0.19 Net::CIDR::Lite 0.48 Net::DNS missing Net::LDAP 1.94 Parse::RecDescent missing SAVI 1.4 Sys::Hostname::Long 2.30 Test::Harness 0.47 Test::Simple 1.95 Text::Balanced 1.35 URI I guess my next step is to upgrade to Perl 5.8.8, as that seemed to be the only difference between your setup and mine. What version of exim are you running? -- ----------------------------------------- Mike Bacher / listacct@tulsaconnect.com TCIS - TulsaConnect Internet Services http://www.tulsaconnect.com ----------------------------------------- From shrek-m at gmx.de Wed Feb 8 14:11:36 2006 From: shrek-m at gmx.de (shrek-m@gmx.de) Date: Wed Feb 8 14:11:40 2006 Subject: symantec scan on MailScanner In-Reply-To: <86144ED6CE5B004DA23E1EAC0B569B580B0D3D2E@isabella.herefordshire.gov.uk> References: <86144ED6CE5B004DA23E1EAC0B569B580B0D3D2E@isabella.herefordshire.gov.uk> Message-ID: <43E9FC18.5070304@gmx.de> On 08.02.2006 14:52, Randal, Phil wrote: >Play it safe. Add Bitdefender as well, not instead... > >And then gather the stats and see if Symantec catches nothing the that >the others do. > http://www.virustotal.com/flash/virustotal_en.html eg. wendy.zip is w32/mimail-m (sophos) -------- This is a report processed by VirusTotal on 01/31/2006 at 20:59:57 (CET) after scanning the file "*wendy.zip*" file. Antivirus Version Update Result AntiVir 6.33.0.81 01.31.2006 no virus found Avast 4.6.695.0 01.31.2006 no virus found AVG 718 01.31.2006 no virus found Avira 6.33.0.81 01.31.2006 no virus found BitDefender 7.2 01.31.2006 no virus found CAT-QuickHeal 8.00 01.31.2006 no virus found ClamAV devel-20060126 01.31.2006 no virus found DrWeb 4.33 01.31.2006 no virus found eTrust-InoculateIT 23.71.64 01.31.2006 no virus found eTrust-Vet 12.4.2060 01.30.2006 Win32/Mimail.M Ewido 3.5 01.31.2006 no virus found Fortinet 2.54.0.0 01.31.2006 no virus found F-Prot 3.16c 01.31.2006 suspicious Ikarus 0.2.59.0 01.31.2006 Email-Worm.Win32.Mimail.M Kaspersky 4.0.2.24 01.31.2006 Email-Worm.Win32.Mimail.m McAfee 4686 01.31.2006 no virus found NOD32v2 1.1389 01.31.2006 error - password-protected file Norman 5.70.10 01.31.2006 no virus found Panda 9.0.0.4 01.31.2006 no virus found Sophos 4.02.0 01.31.2006 W32/Mimail-M Symantec 8.0 01.31.2006 W32.Mimail.M@mm TheHacker 5.9.3.085 01.31.2006 W32/Mimail.gen@MM UNA 1.83 01.31.2006 no virus found VBA32 3.10.5 01.31.2006 no virus found VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. [...] ----/---- From martinh at solid-state-logic.com Wed Feb 8 14:53:42 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Wed Feb 8 14:54:09 2006 Subject: More 4.50.15 woes on FreeBSD In-Reply-To: <43E9FB4D.6040402@tulsaconnect.com> Message-ID: <002b01c62cbf$75c77760$3004010a@martinhlaptop> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of TCIS List Acct > Sent: 08 February 2006 14:08 > To: MailScanner discussion > Subject: Re: More 4.50.15 woes on FreeBSD > > > Solid State Logic > > Tel: +44 (0)1865 842300 > > Ok, I updated all Perl modules to the level of your system or newer (with > the > exceptions of the modules installed by Perl itself), with the same > results: > > This is Perl version 5.008002 (5.8.2) > > This is MailScanner version 4.50.15 > Module versions are: > 1.00 AnyDBM_File > 1.16 Archive::Zip > 1.01 Carp > 1.119 Convert::BinHex > 1.00 DirHandle > 1.05 Fcntl > 2.72 File::Basename > 2.06 File::Copy > 2.01 FileHandle > 1.06 File::Path > 0.16 File::Temp > 1.32 HTML::Entities > 3.48 HTML::Parser > 2.35 HTML::TokeParser > 1.22 IO > 1.13 IO::File > 1.13 IO::Pipe > 1.73 Mail::Header > 3.05 MIME::Base64 > 5.419 MIME::Decoder > 5.419 MIME::Decoder::UU > 5.419 MIME::Head > 5.419 MIME::Parser > 3.03 MIME::QuotedPrint > 5.419 MIME::Tools > 0.11 Net::CIDR > 1.06 POSIX > 1.76 Socket > 0.04 Sys::Syslog > 1.86 Time::HiRes > 1.02 Time::localtime > > Optional module versions are: > 0.17 Convert::TNEF > 1.807 DB_File > 1.11 DBD::SQLite > 1.50 DBI > 1.05 Digest > 1.01 Digest::HMAC > 2.33 Digest::MD5 > 2.10 Digest::SHA1 > 0.44 Inline > missing Mail::ClamAV > 3.001000 Mail::SpamAssassin > 1.998 Mail::SPF::Query > 0.19 Net::CIDR::Lite > 0.48 Net::DNS > missing Net::LDAP > 1.94 Parse::RecDescent > missing SAVI > 1.4 Sys::Hostname::Long > 2.30 Test::Harness > 0.47 Test::Simple > 1.95 Text::Balanced > 1.35 URI > > I guess my next step is to upgrade to Perl 5.8.8, as that seemed to be the > only > difference between your setup and mine. What version of exim are you > running? > > -- > > ----------------------------------------- > Mike Bacher / listacct@tulsaconnect.com Mik Running exim 4.43 - not that that will make much difference as it doesn't talk to exim directly. I'd suggest running MailScanner in debug mode and see if you can spot anything there... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From prandal at herefordshire.gov.uk Wed Feb 8 14:56:33 2006 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Wed Feb 8 14:56:59 2006 Subject: symantec scan on MailScanner Message-ID: <86144ED6CE5B004DA23E1EAC0B569B580B0D3D4B@isabella.herefordshire.gov.uk> Good counter-example! I've had malware detected by McAfee's uvscan before Bitdefender and ClamAV too. But recently Bitdefender's been getting some of the Trojan.Downloader.Small-xxx variants well before McAfee or ClamAV. As far as I'm concerned, the more scanners the merrier, as long as your MailScanner box can handle the load. Cheers, Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of shrek-m@gmx.de > Sent: 08 February 2006 14:12 > To: MailScanner discussion > Subject: Re: symantec scan on MailScanner > > On 08.02.2006 14:52, Randal, Phil wrote: > > >Play it safe. Add Bitdefender as well, not instead... > > > >And then gather the stats and see if Symantec catches > nothing the that > >the others do. > > > > http://www.virustotal.com/flash/virustotal_en.html > eg. wendy.zip is w32/mimail-m (sophos) > > -------- > This is a report processed by VirusTotal on 01/31/2006 at > 20:59:57 (CET) after scanning the file "*wendy.zip*" file. > > Antivirus Version Update Result > > AntiVir 6.33.0.81 01.31.2006 no virus found > Avast 4.6.695.0 01.31.2006 no virus found > AVG 718 01.31.2006 no virus found > Avira 6.33.0.81 01.31.2006 no virus found > BitDefender 7.2 01.31.2006 no virus found > CAT-QuickHeal 8.00 01.31.2006 no virus found > ClamAV devel-20060126 01.31.2006 no virus found > DrWeb 4.33 01.31.2006 no virus found > eTrust-InoculateIT 23.71.64 01.31.2006 no virus found > eTrust-Vet 12.4.2060 01.30.2006 Win32/Mimail.M > Ewido 3.5 01.31.2006 no virus found > Fortinet 2.54.0.0 01.31.2006 no virus found > F-Prot 3.16c 01.31.2006 suspicious > Ikarus 0.2.59.0 01.31.2006 Email-Worm.Win32.Mimail.M > Kaspersky 4.0.2.24 01.31.2006 Email-Worm.Win32.Mimail.m > McAfee 4686 01.31.2006 no virus found > NOD32v2 1.1389 01.31.2006 error - password-protected file > Norman 5.70.10 01.31.2006 no virus found > Panda 9.0.0.4 01.31.2006 no virus found > Sophos 4.02.0 01.31.2006 W32/Mimail-M > Symantec 8.0 01.31.2006 W32.Mimail.M@mm > TheHacker 5.9.3.085 01.31.2006 W32/Mimail.gen@MM > UNA 1.83 01.31.2006 no virus found > VBA32 3.10.5 01.31.2006 no virus found > > VirusTotal is a free service offered by Hispasec Sistemas. > There are no guarantees about the availability and continuity > of this service. [...] > ----/---- > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From gborders at jlewiscooper.com Wed Feb 8 15:00:18 2006 From: gborders at jlewiscooper.com (Greg Borders) Date: Wed Feb 8 15:01:10 2006 Subject: Fun with fetchmail Message-ID: <43EA0782.1070802@jlewiscooper.com> Greets gang, I've just recently inherited a multibox POP3 account from one of my alternate domains that's currently being held on a hosted site. (I'd bring it in house... but it's a long story.) I've got fetchmail polling it with a cron job, and it plops it into the sendmail inbound stream nicely, and MailScanner gobbles up all the junk just fine. Sadly, 98% of it is junk, and I'd like to do some front end filtering, but it's not coming thru the normal SMTP channel. Any tips on things I could add in that would lighten the load on my MailScanner? Greg Borders Sys. Admin. JLC Co. -- This transmission may contain information that is privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. Thank you. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From meburke at rocomai.com Wed Feb 8 15:03:00 2006 From: meburke at rocomai.com (meburke@rocomai.com) Date: Wed Feb 8 15:03:03 2006 Subject: Delivery testing? Message-ID: <20060208090300.xgk9iq3wed3c40c8@webmail.rocomai.com> cPanel uses exim as an MTA and includes MailScanner. exim includes a debug option to emulate delivery of mail from address to another by the command: exim -f sender@domain.ext -bt recipient@domain.ext but I get the result: recipient@domain.ext annot be resolved at this time: All deliveries are handled by MailScanner Does anyone know of a way to verify that the mail is successfully passed for scanning, and also that the mail is queued for delivery properly after scanning? Ideally, I'd like to trace the message from composition to delivery. Thanks, Mike Burke From dmehler26 at woh.rr.com Wed Feb 8 15:47:40 2006 From: dmehler26 at woh.rr.com (Dave) Date: Wed Feb 8 15:56:49 2006 Subject: per-domain whitelist, did i get it right? References: <86144ED6CE5B004DA23E1EAC0B569B580B0D3CC1@isabella.herefordshire.gov.uk> Message-ID: <000501c62cc6$fec49280$0200a8c0@satellite> Hello, I've enabled the functions in mailscanner.conf for per-domain whitelists and blacklists. I then created /etc/MailScanner/spam.bydomain/{whitelists blacklists} and in the whitelists directory i created a file i'll call it domain1.com. In that i added a line: user1@domain4.com Did i get it right? Thanks. Dave. From dhawal at netmagicsolutions.com Wed Feb 8 16:04:28 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Wed Feb 8 16:04:20 2006 Subject: per-domain whitelist, did i get it right? In-Reply-To: <000501c62cc6$fec49280$0200a8c0@satellite> References: <86144ED6CE5B004DA23E1EAC0B569B580B0D3CC1@isabella.herefordshire.gov.uk> <000501c62cc6$fec49280$0200a8c0@satellite> Message-ID: <43EA168C.8090004@netmagicsolutions.com> Dave wrote: > Hello, > I've enabled the functions in mailscanner.conf for per-domain whitelists > and blacklists. I then created > /etc/MailScanner/spam.bydomain/{whitelists blacklists} and in the > whitelists directory i created a file i'll call it domain1.com. In that > i added a line: > user1@domain4.com > Did i get it right? > Thanks. > Dave. Looks alright.. send a mail from user1@domain4.com to anyid@domain1.com.. Tail the logs or check the headers later to check if it worked.. BTW, did you restart MailScanner?? - dhawal From glenn.steen at gmail.com Wed Feb 8 16:11:36 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Feb 8 16:11:39 2006 Subject: OT: Shell Script In-Reply-To: <20060208135844.GA13896@bnl.gov> References: <43E8E215.4060702@trayerproducts.com> <20060207182156.GA26518@bnl.gov> <223f97700602080308m3a5e8a2o@mail.gmail.com> <20060208135844.GA13896@bnl.gov> Message-ID: <223f97700602080811o1adee9c9j@mail.gmail.com> On 08/02/06, Tim Sailer wrote: > On Wed, Feb 08, 2006 at 12:08:19PM +0100, Glenn Steen wrote: > > On 07/02/06, Tim Sailer wrote: > > (snip) > > > for file in `echo *` > > (snip) > > Tim, just curious... Why do you go the "long route around" backticks > > and an echo, just to use the same shell "wildcarding" mechanism as a > > single "*" would give you? > > That cannot be necessary... Just use an * and you'll be fine... As in > > ... > > for file in * > > do > > Well, yes, for the most part. I guess I'm just showing my age, unix-wise. > Back in the good old days with the standard Bourne shell, globbing didn't > quite work like the present. In the far reaches of my memory, I do beleive you might be right:-). Not so any more though;). > Plus, * by itself means a lot of things to > the shells. Not really;). > Evaling the results of the 'echo -n' and '-n' by itself may > have different results, if a file was created with the name '-n'. Again, not really, at least not any more... If you're after "pathifying" them, using ./* or a find would do the trick (only real way of defeating "option-like" filenames)... Otherwise the -n filename would be lost to the echo. > > Habit, I guess. After all these years, that sequence just flows off > my fingertips... I'm sure I do my share of "old crud typing" too... For years (hm, more like "decade(s)", come to think of it) I was guilty of "the tripple sync before shutdown" on systems that simply didn't need them...:-) Thanks for the answer. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From ssilva at sgvwater.com Wed Feb 8 16:55:40 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Feb 8 17:01:28 2006 Subject: symantec scan on MailScanner In-Reply-To: <43E93D4C.2020201@robhq.com> References: <43E91E5E.10704@robhq.com> <43E9395E.6010207@nkpanama.com> <43E93D4C.2020201@robhq.com> Message-ID: Rob Freeman spake the following on 2/7/2006 4:37 PM: > Alex Neuman van der Hans wrote: >> Which ones do you already have? >> >> Rob Freeman wrote: >>> I was wondering if anyone was using this with MailScanner. We are >>> looking to add another virus scan engine and got a good deal through >>> our parent company. >>> Thanks in advance >>> >>> Rob >> > Currently using clam, f-prot, and avg. We just got audited, and they > wanted us to add one of the " big " vendors to the list. We went through that with auditors.. They wanted us to put a lock on the back door to our server room.. They didn't even look to see that the other side of the door is blocked by some virtually immovable furniture. The metal, bolted together cubicle stuff. Covers the whole wall, and took us all day just to get it in there. I think they would just break the glass on our side if they wanted in that bad.. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From Cleveland at winnefox.org Wed Feb 8 17:11:16 2006 From: Cleveland at winnefox.org (Jody Cleveland) Date: Wed Feb 8 17:06:24 2006 Subject: Outlook Rich Text Format messages - how to let through? Message-ID: <9720CA43F755A148BF65B6618B90CB94126305@magneto.wals.local> > I vaguely remember someone (on this list or some other list) > writing a > utility to extract tnef (winmail.dat) and re-attach them as normal > attachments. Let me see if i can dig it out. That would be fantastic, thank you. - jody From ssilva at sgvwater.com Wed Feb 8 17:02:28 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Feb 8 17:09:09 2006 Subject: symantec scan on MailScanner In-Reply-To: <86144ED6CE5B004DA23E1EAC0B569B580B0D3CC1@isabella.herefordshire.gov.uk> References: <86144ED6CE5B004DA23E1EAC0B569B580B0D3CC1@isabella.herefordshire.gov.uk> Message-ID: Randal, Phil spake the following on 2/8/2006 3:10 AM: > What platform are you running on? If it's Linux, I'd seriously > recommend adding Bitdefender too. It often catches stuff that ClamAV > and McAfee don't catch here. > > My past experience of Symantec is that they were way too slow with their > pattern updates, but this may have changed in recent > days/weeks/months/years ;-) > > Cheers, > > Phil > > ---- > Phil Randal > Network Engineer > Herefordshire Council > Hereford, UK > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >> Of Rob Freeman >> Sent: 08 February 2006 01:48 >> To: MailScanner discussion >> Subject: Re: symantec scan on MailScanner >> >> Alex Neuman van der Hans wrote: >>> BDC? >>> >>> Rob Freeman wrote: >>>> Alex Neuman van der Hans wrote: >>>>> Which ones do you already have? >>>>> >>>>> Rob Freeman wrote: >>>>>> I was wondering if anyone was using this with >> MailScanner. We are >>>>>> looking to add another virus scan engine and got a good deal >>>>>> through our parent company. >>>>>> Thanks in advance >>>>>> >>>>>> Rob >>>> Currently using clam, f-prot, and avg. We just got >> audited, and they >>>> wanted us to add one of the " big " vendors to the list. >> They do not include that on the " big " ones. We work for a >> bank and they want something the recognize like mcafee, >> Symantec, etc etc. We have not had an email virus in 3 >> years, but per the audit they asked for more of a known name >> scanner. They gave us a deal on Symantec. The wonders of >> working for a big company. And Symantec's linux offering just seems to be a toss at capturing what they see as a small market. My PHB's are perfectly happy with the Clam, BitDefender, McAfee combo, and are happy to spend the money elsewhere. But I work for a privately held utility company, so any money they don't spend stays in someones pocket. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From steve.swaney at fsl.com Wed Feb 8 17:21:08 2006 From: steve.swaney at fsl.com (Stephen Swaney) Date: Wed Feb 8 17:21:12 2006 Subject: Outlook Rich Text Format messages - how to let through? In-Reply-To: <9720CA43F755A148BF65B6618B90CB94126305@magneto.wals.local> Message-ID: <200602081721.k18HLAEs010652@bkserver.blacknight.ie> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Jody Cleveland > Sent: Wednesday, February 08, 2006 12:11 PM > To: MailScanner discussion > Subject: RE: Outlook Rich Text Format messages - how to let through? > > > I vaguely remember someone (on this list or some other list) > > writing a > > utility to extract tnef (winmail.dat) and re-attach them as normal > > attachments. Let me see if i can dig it out. > > That would be fantastic, thank you. > > - jody > -- http://ytnef.sourceforge.net/ I quote from the Sourceforge page: "ytnef is a program to decode TNEF streams (winmail.dat). Unlike other similar programs, it can also decode meeting requests and create VCal entries for easy import. It can also create vCard entries from contact cards and vTodo entries from task entries. It also has a Perl script that can be used in procmail recipes to automatically reformat incoming mail appropriately." It might be possible rework this code to plug into MailScanner as a "Generic Virus Scanner". Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com From alex at nkpanama.com Wed Feb 8 17:31:56 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Wed Feb 8 17:32:08 2006 Subject: Outlook Rich Text Format messages - how to let through? In-Reply-To: References: Message-ID: <43EA2B0C.7040403@nkpanama.com> Happens all the time. I've had to deal with a major insurance group here in Panama whose mail admin: * installed MailScanner (poorly, including sending notifies for forged viruses and other NDR joe-job-prone crap) * has a broken tnef expander implementation, * is protecting a braindead M-Sexchange version -4 or something * is forcing everyone to use RTF I've noticed Outlook Express will receive and not parse the TNEF attachment, although in extreme cases I've had to right-click, properties, message source, copy, paste into a uudecoder, then into a tnef expander in order to get to the file. As long as nobody tells the PHB's there - in a way they'll understand and believe - that the person in charge of maintaining their mail infrastructure doesn't really know what they're doing, this crap will go on. In the meantime you and I deal with it as best as possible, while documenting the reasons so that when confronted by incompetent admins with completely bogus advice/reasons/excuses for e-mail not going through you can "point them in the right direction". > I noticed something interesting with the blocking of TNF attachments: When > an Outlook Express user complained and I released the message from > quarantine it was delivered successfully but the attachment still appeared > totally invisible to the OE user. It seems that as OE is incapable of > parsing these attachments it ignores them completely. Is this what other > people have found? If I am correct, then it is a major benefit to have > them blocked so that the recipients can for the first time see what they > are missing because of the senders' incompetent MS Outlook configuration. > -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ From alex at nkpanama.com Wed Feb 8 17:36:23 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Wed Feb 8 17:36:44 2006 Subject: OT: Shell Script In-Reply-To: <223f97700602080811o1adee9c9j@mail.gmail.com> References: <43E8E215.4060702@trayerproducts.com> <20060207182156.GA26518@bnl.gov> <223f97700602080308m3a5e8a2o@mail.gmail.com> <20060208135844.GA13896@bnl.gov> <223f97700602080811o1adee9c9j@mail.gmail.com> Message-ID: <43EA2C17.8010205@nkpanama.com> Up to recently I'd do a sync;sync;shutdown [parameters]... Glenn Steen wrote: > On 08/02/06, Tim Sailer wrote: > >> On Wed, Feb 08, 2006 at 12:08:19PM +0100, Glenn Steen wrote: >> >>> On 07/02/06, Tim Sailer wrote: >>> (snip) >>> >>>> for file in `echo *` >>>> >>> (snip) >>> Tim, just curious... Why do you go the "long route around" backticks >>> and an echo, just to use the same shell "wildcarding" mechanism as a >>> single "*" would give you? >>> That cannot be necessary... Just use an * and you'll be fine... As in >>> ... >>> for file in * >>> do >>> >> Well, yes, for the most part. I guess I'm just showing my age, unix-wise. >> Back in the good old days with the standard Bourne shell, globbing didn't >> quite work like the present. >> > In the far reaches of my memory, I do beleive you might be right:-). > Not so any more though;). > > >> Plus, * by itself means a lot of things to >> the shells. >> > Not really;). > > >> Evaling the results of the 'echo -n' and '-n' by itself may >> have different results, if a file was created with the name '-n'. >> > Again, not really, at least not any more... If you're after > "pathifying" them, using ./* or a find would do the trick (only real > way of defeating "option-like" filenames)... Otherwise the -n filename > would be lost to the echo. > > >> Habit, I guess. After all these years, that sequence just flows off >> my fingertips... >> > > I'm sure I do my share of "old crud typing" too... For years (hm, more > like "decade(s)", come to think of it) I was guilty of "the tripple > sync before shutdown" on systems that simply didn't need them...:-) > > Thanks for the answer. > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060208/d9dcb5f9/attachment-0001.html From ssilva at sgvwater.com Wed Feb 8 17:28:04 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Feb 8 17:38:00 2006 Subject: Fun with fetchmail In-Reply-To: <43EA0782.1070802@jlewiscooper.com> References: <43EA0782.1070802@jlewiscooper.com> Message-ID: Greg Borders spake the following on 2/8/2006 7:00 AM: > Greets gang, > > I've just recently inherited a multibox POP3 account from one of my > alternate domains that's currently being held on a hosted site. (I'd > bring it in house... but it's a long story.) I've got fetchmail polling > it with a cron job, and it plops it into the sendmail inbound stream > nicely, and MailScanner gobbles up all the junk just fine. Sadly, 98% > of it is junk, and I'd like to do some front end filtering, but it's not > coming thru the normal SMTP channel. Any tips on things I could add in > that would lighten the load on my MailScanner? > > Greg Borders > Sys. Admin. > JLC Co. > > -- > This transmission may contain information that is privileged, confidential > and/or exempt from disclosure under applicable law. If you are not the > intended recipient, you are hereby notified that any disclosure, copying, > distribution, or use of the information contained herein (including any > reliance thereon) is STRICTLY PROHIBITED. If you received this transmission > in error, please immediately contact the sender and destroy the material in > its entirety, whether in electronic or hard copy format. Thank you. > If it is on the same box, I think it would just move the load, not lighten it. If the Fetchmail process was on another box, you could use mimedefang with spamassassin and clam to kill a lot of it. Maybe you could do something at the hosted site? Maybe mention to them that these progs are available, and they could offer it to their clients, increasing their value, and making them look like the hero to them. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From listacct at tulsaconnect.com Wed Feb 8 17:38:02 2006 From: listacct at tulsaconnect.com (TCIS List Acct) Date: Wed Feb 8 17:38:03 2006 Subject: Per-Domain Whitelist not honoring IP addresses Message-ID: <43EA2C7A.7030809@tulsaconnect.com> I'm using the &ByDomainSpamWhitelist function in 4.47.4. I have a "global" whitelist file located at: /etc/MailScanner/spam.bydomain/whitelist/default The file contains domain names, one per line. I recently tried to add an IP address to it, e.g. 1.2.3. which should match 1.2.3.4, 1.2.3.5, etc. per the documentation in CustomConfig.pm. However, mail from those hosts are still being marked as spam / not being whitelisted. Domain names contained in that file are working fine. Did I miss something? -- ----------------------------------------- Mike Bacher / listacct@tulsaconnect.com TCIS - TulsaConnect Internet Services http://www.tulsaconnect.com ----------------------------------------- From smf at f2s.com Wed Feb 8 17:56:41 2006 From: smf at f2s.com (Steve Freegard) Date: Wed Feb 8 17:54:20 2006 Subject: Per-Domain Whitelist not honoring IP addresses In-Reply-To: <43EA2C7A.7030809@tulsaconnect.com> References: <43EA2C7A.7030809@tulsaconnect.com> Message-ID: <1139421402.16590.140.camel@localhost.localdomain> Hi Mike, On Wed, 2006-02-08 at 11:38 -0600, TCIS List Acct wrote: > I'm using the &ByDomainSpamWhitelist function in 4.47.4. I have a > "global" whitelist file located at: > > /etc/MailScanner/spam.bydomain/whitelist/default > > The file contains domain names, one per line. I recently tried to add > an IP address to it, e.g. > > 1.2.3. > > which should match 1.2.3.4, 1.2.3.5, etc. per the documentation in > CustomConfig.pm. > > However, mail from those hosts are still being marked as spam / not > being whitelisted. Domain names contained in that file are working > fine. Did I miss something? Yes - wildcards are not supported at all. The functionality is exact match only. Regards, Steve. From dhawal at netmagicsolutions.com Wed Feb 8 18:15:47 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Wed Feb 8 18:15:34 2006 Subject: Problem with new MS 4.50.14 install In-Reply-To: <43E8FDBC.1010801@dynamictelecard.com> References: <43E8FDBC.1010801@dynamictelecard.com> Message-ID: <43EA3553.9040109@netmagicsolutions.com> Jeff Davis wrote: > Can someone point me in the right direction? > > I have a fresh install of Postfix 2.1.5, MailScanner 4.50.14, and > the SA-ClamAV package ( ClamAV .88, SA 3.1.0) > > The problem is when I start up MailScanner I see some config > continuously looping in the maillog and the incoming/outgoing > messages just sit in the hold queue. > > The initial MS install went off quite well. > Postfix worked before Mailscanner install. > ...and if I shut MailScanner off postfix still works, > although I have to push the files through due to the HOLD header check. > > I followed the directions for a postfix config and change the Run As user and > group to postfix, and I've set my Incoming Queue Dir = /var/spool/postfix/hold > and Outgoing Queue Dir = /var/spool/postfix/incoming > > I chown'd my MailScanner dirs: > drwx------ 2 postfix postfix 4096 Feb 7 11:48 incoming > drwx------ 2 postfix postfix 4096 Feb 1 17:38 quarantine > > Have I missed something obvious in the MailScanner config? Mostly looks fine.. the looping is *perceived* as mailscanner will log events for every child process.. see 'Max Children' option in MailScanner.conf As for the postfix problem, double check everything from here http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:postfix:installation - dhawal > > Log snippet> > Feb 7 14:49:51 mta MailScanner[27675]: MailScanner E-Mail Virus Scanner version > 4.50.14 starting... > Feb 7 14:49:52 mta MailScanner[27675]: Read 701 hostnames from the phishing > whitelist > Feb 7 14:49:52 mta MailScanner[27675]: Config: calling custom init function > SQLBlacklist > Feb 7 14:49:52 mta MailScanner[27675]: Starting up SQL Blacklist > Feb 7 14:49:52 mta MailScanner[27675]: Read 0 blacklist entries > Feb 7 14:49:52 mta MailScanner[27675]: Config: calling custom init function > MailWatchLogging > Feb 7 14:49:52 mta MailScanner[27675]: Started SQL Logging child > Feb 7 14:49:52 mta MailScanner[27675]: Config: calling custom init function > SQLWhitelist > Feb 7 14:49:52 mta MailScanner[27675]: Starting up SQL Whitelist > Feb 7 14:49:52 mta MailScanner[27675]: Read 0 whitelist entries > Feb 7 14:49:52 mta MailScanner[27675]: Using SpamAssassin results cache > Feb 7 14:49:52 mta MailScanner[27675]: Connected to SpamAssassin cache database > Feb 7 14:50:02 mta MailScanner[27681]: MailScanner E-Mail Virus Scanner version > 4.50.14 starting... > Feb 7 14:50:03 mta MailScanner[27681]: Read 701 hostnames from the phishing > whitelist > Feb 7 14:50:03 mta MailScanner[27681]: Config: calling custom init function > SQLBlacklist > Feb 7 14:50:03 mta MailScanner[27681]: Starting up SQL Blacklist > Feb 7 14:50:03 mta MailScanner[27681]: Read 0 blacklist entries > Feb 7 14:50:03 mta MailScanner[27681]: Config: calling custom init function > MailWatchLogging > Feb 7 14:50:03 mta MailScanner[27681]: Started SQL Logging child > Feb 7 14:50:03 mta MailScanner[27681]: Config: calling custom init function > SQLWhitelist > Feb 7 14:50:03 mta MailScanner[27681]: Starting up SQL Whitelist > Feb 7 14:50:03 mta MailScanner[27681]: Read 0 whitelist entries > Feb 7 14:50:03 mta MailScanner[27681]: Using SpamAssassin results cache > Feb 7 14:50:03 mta MailScanner[27681]: Connected to SpamAssassin cache database > Feb 7 14:50:13 mta MailScanner[27720]: MailScanner E-Mail Virus Scanner version > 4.50.14 starting... > Feb 7 14:50:14 mta MailScanner[27720]: Read 701 hostnames from the phishing > whitelist > Feb 7 14:50:14 mta MailScanner[27720]: Config: calling custom init function > SQLBlacklist > Feb 7 14:50:14 mta MailScanner[27720]: Starting up SQL Blacklist > Feb 7 14:50:14 mta MailScanner[27720]: Read 0 blacklist entries > Feb 7 14:50:14 mta MailScanner[27720]: Config: calling custom init function > MailWatchLogging > Feb 7 14:50:14 mta MailScanner[27720]: Started SQL Logging child > Feb 7 14:50:14 mta MailScanner[27720]: Config: calling custom init function > SQLWhitelist > Feb 7 14:50:14 mta MailScanner[27720]: Starting up SQL Whitelist > Feb 7 14:50:14 mta MailScanner[27720]: Read 0 whitelist entries > Feb 7 14:50:14 mta MailScanner[27720]: Using SpamAssassin results cache > Feb 7 14:50:14 mta MailScanner[27720]: Connected to SpamAssassin cache database > From rgreen at trayerproducts.com Wed Feb 8 18:16:04 2006 From: rgreen at trayerproducts.com (Rodney Green) Date: Wed Feb 8 18:16:42 2006 Subject: Archive Filter Message-ID: <43EA3564.1030605@trayerproducts.com> Hello, Is there a known way to filter mail that is to be archived? I'd rather not have spam archived, if at all possible. Any suggestions are welcome. Thanks, Rod -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From gmane at tippingmar.com Wed Feb 8 18:29:49 2006 From: gmane at tippingmar.com (Mark Nienberg) Date: Wed Feb 8 18:41:10 2006 Subject: x86_64 mail servers Message-ID: I'm getting ready to migrate a MailScanner server to new hardware. The new machine has an Opteron chip. Assuming I use a linux distro that comes in both x86 and x86_64 versions, is there any reason to avoid the x86_64 version? (I'm not asking about which distro to use!) I'm running a similar machine as a file server using x86_64 so I am somewhat familiar with it, but that machine uses mostly software that came with the distro and is already compiled. The MailScanner machine needs more third-party stuff and I wonder about the ability to obtain and compile all those perl modules and so forth. I've seen comments on this list that the x86_64 didn't seem to make much difference and I admit it is simpler to use the plain x86 version, but it bothers me a little to intentionally not use the software that is specifically configured for the chip. Thanks for any insights. Mark Nienberg Tipping Mar + associates Berkeley, CA From Denis.Beauchemin at USherbrooke.ca Wed Feb 8 18:42:00 2006 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Wed Feb 8 18:42:18 2006 Subject: OT: Shell Script In-Reply-To: <43EA2C17.8010205@nkpanama.com> References: <43E8E215.4060702@trayerproducts.com> <20060207182156.GA26518@bnl.gov> <223f97700602080308m3a5e8a2o@mail.gmail.com> <20060208135844.GA13896@bnl.gov> <223f97700602080811o1adee9c9j@mail.gmail.com> <43EA2C17.8010205@nkpanama.com> Message-ID: <43EA3B78.7050602@USherbrooke.ca> Alex Neuman van der Hans wrote: > Up to recently I'd do a sync;sync;shutdown [parameters]... > > Glenn Steen wrote: > >>On 08/02/06, Tim Sailer wrote: >> >> >>>On Wed, Feb 08, 2006 at 12:08:19PM +0100, Glenn Steen wrote: >>> >>> >>>>On 07/02/06, Tim Sailer wrote: >>>>(snip) >>>> >>>> >>>>>for file in `echo *` >>>>> >>>>> >>>>(snip) >>>>Tim, just curious... Why do you go the "long route around" backticks >>>>and an echo, just to use the same shell "wildcarding" mechanism as a >>>>single "*" would give you? >>>>That cannot be necessary... Just use an * and you'll be fine... As in >>>>... >>>>for file in * >>>>do >>>> >>>> >>>Well, yes, for the most part. I guess I'm just showing my age, unix-wise. >>>Back in the good old days with the standard Bourne shell, globbing didn't >>>quite work like the present. >>> >>> >>In the far reaches of my memory, I do beleive you might be right:-). >>Not so any more though;). >> >> >> >>>Plus, * by itself means a lot of things to >>>the shells. >>> >>> >>Not really;). >> >> >> >>>Evaling the results of the 'echo -n' and '-n' by itself may >>>have different results, if a file was created with the name '-n'. >>> >>> >>Again, not really, at least not any more... If you're after >>"pathifying" them, using ./* or a find would do the trick (only real >>way of defeating "option-like" filenames)... Otherwise the -n filename >>would be lost to the echo. >> >> >> >>>Habit, I guess. After all these years, that sequence just flows off >>>my fingertips... >>> >>> >> >>I'm sure I do my share of "old crud typing" too... For years (hm, more >>like "decade(s)", come to think of it) I was guilty of "the tripple >>sync before shutdown" on systems that simply didn't need them...:-) >> >>Thanks for the answer. >>-- >>-- Glenn >>email: glenn < dot > steen < at > gmail < dot > com >>work: glenn < dot > steen < at > ap1 < dot > se >> >> I too learned many years ago on somewhat limited versions of Unix: Venix, Berkeley, AT&T, SunOS. But the current Linux distros are much better than those old versions. For example, I used to "tar cf - * | (cd /some-other-dir; tar xvfB -)" to copy from one dir to the other; now I do a "cp -a * /some-other-dir"! I also used to "sync;sync;halt", but now I can just "halt". The "diff -r" is also handy in comparing directory trees (goes recursively). I also love bash's Esc-. that recalls the last parameter typed on the previous command line, and Ctrl-R that searches back in the command history... And there is also vim-enhanced that uses color to help us code more easily... Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3226 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060208/53be8140/smime.bin From glenn.steen at gmail.com Wed Feb 8 18:49:54 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Feb 8 18:49:59 2006 Subject: OT: Shell Script In-Reply-To: <43EA2C17.8010205@nkpanama.com> References: <43E8E215.4060702@trayerproducts.com> <20060207182156.GA26518@bnl.gov> <223f97700602080308m3a5e8a2o@mail.gmail.com> <20060208135844.GA13896@bnl.gov> <223f97700602080811o1adee9c9j@mail.gmail.com> <43EA2C17.8010205@nkpanama.com> Message-ID: <223f97700602081049v5da6e2c8k@mail.gmail.com> On 08/02/06, Alex Neuman van der Hans wrote: > Up to recently I'd do a sync;sync;shutdown [parameters]... > :-) ... And when was the last time you did that on a system that a) didn't do an fs sync in the shutdown command itself, and b) actually needed the time it took for you to type the rest to complete the first sync _and_ didn't block during the sync...? Oh well, ancient history that turned into one of thos unix legends:-). For our younger audince, one might add that this was sometime just after the dinosaurs went extinct, and probably before the invention of the eraseable tty...:-):-) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From mkettler at evi-inc.com Wed Feb 8 19:00:43 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Wed Feb 8 19:00:54 2006 Subject: x86_64 mail servers In-Reply-To: References: Message-ID: <43EA3FDB.6060701@evi-inc.com> Mark Nienberg wrote: > I've seen comments on this list that the x86_64 didn't seem to make much > difference and I admit it is simpler to use the plain x86 version, but > it bothers me a little to intentionally not use the software that is > specifically configured for the chip. Why does it bother you? Theoretically x86-64 should be slightly slower for most uses unless you: 1) have a process that needs > 4gb of virtual address space -or- 2) does a lot of 64 bit math that can't be performed with SSE The ability to have huge processes and large amounts of physical ram is the primary benefit of using a 64 bit computing architecture. The drawback is that pointers become larger, taking up more memory, and causing more memory I/O than would be needed if the app was 32bit. Unless you're actually using the larger memory space you're increasing overhead without any benefit whatsoever. Very few apps have such large memory footprints outside the realm of scientific simulation or massive database crunching. The other benefit of a 64bit computing architecture is the ability to do 64 bit math operations in one instruction instead of a series of 32 bit operations. However, very few applications regularly have any use for 64 bit operations outside of crypto, some games, and high-end engineering/physics. Even these regularly get their needs filled by using SSE, so the 64-bit math benefit is very limited. There's some benefit here to apps using 64-bit file offsets or 64 bit time format, but I've never seen a "regular" application where either kind of calculation was performed often enough to have a noticeable impact on performance. Some scientific simulations may do a lot of 64bit time calculations, but most of those could readily use SSE for it. From glenn.steen at gmail.com Wed Feb 8 19:04:53 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Feb 8 19:04:57 2006 Subject: OT: Shell Script In-Reply-To: <43EA3B78.7050602@USherbrooke.ca> References: <43E8E215.4060702@trayerproducts.com> <20060207182156.GA26518@bnl.gov> <223f97700602080308m3a5e8a2o@mail.gmail.com> <20060208135844.GA13896@bnl.gov> <223f97700602080811o1adee9c9j@mail.gmail.com> <43EA2C17.8010205@nkpanama.com> <43EA3B78.7050602@USherbrooke.ca> Message-ID: <223f97700602081104p6e90b9daq@mail.gmail.com> On 08/02/06, Denis Beauchemin wrote: > Alex Neuman van der Hans wrote: > > > Up to recently I'd do a sync;sync;shutdown [parameters]... > > (snip) > > I too learned many years ago on somewhat limited versions of Unix: > Venix, Berkeley, AT&T, SunOS. But the current Linux distros are much > better than those old versions. Venix ... the horror (Only touched it briefly, no taint transfered:-):-) Well, Linux isn't unix and has a somewhat other way of doing things... But basically, I do agree. And even the modern unices have improved drastically on this poit ... and most did so quite some time ago:-). > > For example, I used to "tar cf - * | (cd /some-other-dir; tar xvfB -)" > to copy from one dir to the other; now I do a "cp -a * /some-other-dir"! Yes, but the tar-copy will always work (you can be sure there is a tar, but not really GNU utilities;). > I also used to "sync;sync;halt", but now I can just "halt". This is turning into a SaNSA meeting... Sysadmins-Not-So-Anonymous:-). Who brought the chicken wings?:) > > The "diff -r" is also handy in comparing directory trees (goes recursively). > > I also love bash's Esc-. that recalls the last parameter typed on the > previous command line, and Ctrl-R that searches back in the command > history... > > And there is also vim-enhanced that uses color to help us code more > easily... ... Real help for us colorblind persons....:-) > > Denis > > -- > _ > ?v? Denis Beauchemin, analyste > /(_)\ Universit? de Sherbrooke, S.T.I. > ^ ^ T: 819.821.8000x2252 F: 819.821.8045 > -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Wed Feb 8 19:15:35 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Feb 8 19:15:41 2006 Subject: Archive Filter In-Reply-To: <43EA3564.1030605@trayerproducts.com> References: <43EA3564.1030605@trayerproducts.com> Message-ID: <223f97700602081115p1cd16245h@mail.gmail.com> On 08/02/06, Rodney Green wrote: > Hello, > > Is there a known way to filter mail that is to be archived? I'd rather > not have spam archived, if at all possible. Any suggestions are welcome. > > Thanks, > Rod > I assume you use the Archive feature of MailScanner.... Apart from dropping as much as possible (with the usual caveats about rbls in the MTA etc) at the MTA, letting MS do anything more before archiving the mail would defeat the purpose of the feature (saving as pristine a copy as possible). Instead of using that feature you might instead "archive" by doing a forward to an "archive recipient" in the Non Spam Actions, but then you'd get them after MS had altered them.... Kind of a case of either having the cake or eating it (if there is such a saying in English-speaking countries:-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From rcooper at dwford.com Wed Feb 8 20:00:54 2006 From: rcooper at dwford.com (Rick Cooper) Date: Wed Feb 8 20:01:01 2006 Subject: Outlook Rich Text Format messages - how to let through? In-Reply-To: <200602081721.k18HLAEs010652@bkserver.blacknight.ie> Message-ID: > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Stephen > Swaney > Sent: Wednesday, February 08, 2006 12:21 PM > To: 'MailScanner discussion' > Subject: RE: Outlook Rich Text Format messages - how to let through? > > > [..] > > http://ytnef.sourceforge.net/ > > I quote from the Sourceforge page: > > "ytnef is a program to decode TNEF streams (winmail.dat). Unlike other > similar programs, it can also decode meeting requests and create VCal > entries for easy import. It can also create vCard entries from > contact cards > and vTodo entries from task entries. It also has a Perl script that can be > used in procmail recipes to automatically reformat incoming mail > appropriately." > > It might be possible rework this code to plug into MailScanner as > a "Generic > Virus Scanner". > > Steve > I looked at this and I don't think it would work as a generic virus scanner (would be called at the wrong time), but it doesn't look like it would be too difficult to incorporate into MailScanner. However, the ytnefprocess.pl has a couple of short commings I can see: 1. It uses a lot of backticks, they could be replaced by internal perl in most cases, except the external call to /usr/bin/ytnef. That could be handled by SafePipe easily. 2. It takes it's input from STDIN and outputs to STDOUT. That could be changed to file I/O easy enough Since it would have to be called before the tnef handling it would have to be called at the top of the explode function so the new attachments could be extracted and scanned (I assume, Julian?). I would think this would be better made a function and perhaps it could be used like the unrar where a check for /usr/bin/ytnef is made and it's used if there and the calling block is ignored if it's not there. The tests I did seemed to be fast and created regular attachments from the tnef junk so I am thinking of patching it in for my own installs but I am wondering what Julian thinks as far as main-streaming it? I attached a copy of the perl script I used in testing Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- A non-text attachment was scrubbed... Name: ytnefprocess.pl Type: application/octet-stream Size: 2295 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060208/708f5318/ytnefprocess.obj From rgreen at trayerproducts.com Wed Feb 8 20:04:53 2006 From: rgreen at trayerproducts.com (Rodney Green) Date: Wed Feb 8 20:05:18 2006 Subject: Archive Filter In-Reply-To: <223f97700602081115p1cd16245h@mail.gmail.com> References: <43EA3564.1030605@trayerproducts.com> <223f97700602081115p1cd16245h@mail.gmail.com> Message-ID: <43EA4EE5.6070201@trayerproducts.com> > > I assume you use the Archive feature of MailScanner.... Apart from > dropping as much as possible (with the usual caveats about rbls in the > MTA etc) at the MTA, letting MS do anything more before archiving the > mail would defeat the purpose of the feature (saving as pristine a > copy as possible). > Instead of using that feature you might instead "archive" by doing a > forward to an "archive recipient" in the Non Spam Actions, but then > you'd get them after MS had altered them.... Kind of a case of either > having the cake or eating it (if there is such a saying in > English-speaking countries:-). > Thanks Glenn. I am using the MS archive feature. I'd like to be able to continue archiving mail into individual user mbox files but I'd also like to eliminate all of the spam that is being stored in those files taking up unnecessary space on the drive. It would be nice if one could use the same archiving feature for non spam mail. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From alex at nkpanama.com Wed Feb 8 20:07:28 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Wed Feb 8 20:08:24 2006 Subject: OT: Shell Script In-Reply-To: <43EA3B78.7050602@USherbrooke.ca> References: <43E8E215.4060702@trayerproducts.com> <20060207182156.GA26518@bnl.gov> <223f97700602080308m3a5e8a2o@mail.gmail.com> <20060208135844.GA13896@bnl.gov> <223f97700602080811o1adee9c9j@mail.gmail.com> <43EA2C17.8010205@nkpanama.com> <43EA3B78.7050602@USherbrooke.ca> Message-ID: <43EA4F80.7010600@nkpanama.com> I was lucky enough to have access to wordstar / wordperfect / whatever - never had to bother with vi or emacs (or cousin EDLIN.EXE for that matter) :) Denis Beauchemin wrote: > > Denis > -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ From alex at nkpanama.com Wed Feb 8 20:11:08 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Wed Feb 8 20:11:17 2006 Subject: Outlook Rich Text Format messages - how to let through? In-Reply-To: References: Message-ID: <43EA505C.7010907@nkpanama.com> Would love the idea. IANAP but I can help with translation, testing, etc. Rick Cooper wrote: > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Stephen >> Swaney >> Sent: Wednesday, February 08, 2006 12:21 PM >> To: 'MailScanner discussion' >> Subject: RE: Outlook Rich Text Format messages - how to let through? >> >> >> >> > [..] > >> http://ytnef.sourceforge.net/ >> >> I quote from the Sourceforge page: >> >> "ytnef is a program to decode TNEF streams (winmail.dat). Unlike other >> similar programs, it can also decode meeting requests and create VCal >> entries for easy import. It can also create vCard entries from >> contact cards >> and vTodo entries from task entries. It also has a Perl script that can be >> used in procmail recipes to automatically reformat incoming mail >> appropriately." >> >> It might be possible rework this code to plug into MailScanner as >> a "Generic >> Virus Scanner". >> >> Steve >> >> > > I looked at this and I don't think it would work as a generic virus scanner > (would be called at the wrong time), but it doesn't look like it would be > too difficult to incorporate into MailScanner. However, the ytnefprocess.pl > has a couple of short commings I can see: > 1. It uses a lot of backticks, they could be replaced by internal perl in > most cases, except the external call to > /usr/bin/ytnef. That could be handled by SafePipe easily. > 2. It takes it's input from STDIN and outputs to STDOUT. That could be > changed to file I/O easy enough > > Since it would have to be called before the tnef handling it would have to > be called at the top of the explode function so the new attachments could be > extracted and scanned (I assume, Julian?). I would think this would be > better made a function and perhaps it could be used like the unrar where a > check for /usr/bin/ytnef is made and it's used if there and the calling > block is ignored if it's not there. The tests I did seemed to be fast and > created regular attachments from the tnef junk so I am thinking of patching > it in for my own installs but I am wondering what Julian thinks as far as > main-streaming it? > > I attached a copy of the perl script I used in testing > > Rick > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060208/8d044718/attachment.html From glenn.steen at gmail.com Wed Feb 8 20:22:49 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Feb 8 20:22:52 2006 Subject: Archive Filter In-Reply-To: <43EA4EE5.6070201@trayerproducts.com> References: <43EA3564.1030605@trayerproducts.com> <223f97700602081115p1cd16245h@mail.gmail.com> <43EA4EE5.6070201@trayerproducts.com> Message-ID: <223f97700602081222w43c71441n@mail.gmail.com> On 08/02/06, Rodney Green wrote: > > > > I assume you use the Archive feature of MailScanner.... Apart from > > dropping as much as possible (with the usual caveats about rbls in the > > MTA etc) at the MTA, letting MS do anything more before archiving the > > mail would defeat the purpose of the feature (saving as pristine a > > copy as possible). > > Instead of using that feature you might instead "archive" by doing a > > forward to an "archive recipient" in the Non Spam Actions, but then > > you'd get them after MS had altered them.... Kind of a case of either > > having the cake or eating it (if there is such a saying in > > English-speaking countries:-). > > > > Thanks Glenn. I am using the MS archive feature. I'd like to be able to > continue archiving mail into individual user mbox files but I'd also > like to eliminate all of the spam that is being stored in those files > taking up unnecessary space on the drive. It would be nice if one could > use the same archiving feature for non spam mail. > Ok. Unfortunately, that's not really possible within MS as is now, AFAICS (I also distinctly remember Jules commenting on this before.... And giving the same answer... Check the ML archives @gmane, my memory has been known to have been ... rusted.... before:). What you could do is keep track of the spams/viruses (in the quarantine, perhaps) and script up something that would "clean the archive, after the fact"... Not really hard, but not really easy either... -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Wed Feb 8 20:30:28 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Feb 8 20:30:32 2006 Subject: Outlook Rich Text Format messages - how to let through? In-Reply-To: References: <200602081721.k18HLAEs010652@bkserver.blacknight.ie> Message-ID: <223f97700602081230p188b20c0n@mail.gmail.com> On 08/02/06, Rick Cooper wrote: > > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Stephen > > Swaney > > Sent: Wednesday, February 08, 2006 12:21 PM > > To: 'MailScanner discussion' > > Subject: RE: Outlook Rich Text Format messages - how to let through? > > > > > > > [..] > > > > http://ytnef.sourceforge.net/ > > > > I quote from the Sourceforge page: > > > > "ytnef is a program to decode TNEF streams (winmail.dat). Unlike other > > similar programs, it can also decode meeting requests and create VCal > > entries for easy import. It can also create vCard entries from > > contact cards > > and vTodo entries from task entries. It also has a Perl script that can be > > used in procmail recipes to automatically reformat incoming mail > > appropriately." > > > > It might be possible rework this code to plug into MailScanner as > > a "Generic > > Virus Scanner". > > > > Steve > > > > I looked at this and I don't think it would work as a generic virus scanner > (would be called at the wrong time), but it doesn't look like it would be > too difficult to incorporate into MailScanner. However, the ytnefprocess.pl > has a couple of short commings I can see: > 1. It uses a lot of backticks, they could be replaced by internal perl in > most cases, except the external call to > /usr/bin/ytnef. That could be handled by SafePipe easily. > 2. It takes it's input from STDIN and outputs to STDOUT. That could be > changed to file I/O easy enough > > Since it would have to be called before the tnef handling it would have to > be called at the top of the explode function so the new attachments could be > extracted and scanned (I assume, Julian?). I would think this would be > better made a function and perhaps it could be used like the unrar where a > check for /usr/bin/ytnef is made and it's used if there and the calling > block is ignored if it's not there. The tests I did seemed to be fast and > created regular attachments from the tnef junk so I am thinking of patching > it in for my own installs but I am wondering what Julian thinks as far as > main-streaming it? > > I attached a copy of the perl script I used in testing > > Rick > Hi Rick, Jules is on a 10-day holiday... Remind me to remind you in approximately 9 days to "reopen" this thread (assuming it's gone slumbering by then), so he doesn't miss this one. Cheers, -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From alex at nkpanama.com Wed Feb 8 20:31:11 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Wed Feb 8 20:31:23 2006 Subject: Archive Filter In-Reply-To: <223f97700602081222w43c71441n@mail.gmail.com> References: <43EA3564.1030605@trayerproducts.com> <223f97700602081115p1cd16245h@mail.gmail.com> <43EA4EE5.6070201@trayerproducts.com> <223f97700602081222w43c71441n@mail.gmail.com> Message-ID: <43EA550F.8070404@nkpanama.com> True... you could set up a script that runs every so often and deletes messages with X-Spam-Status: yes or something like that... right? Glenn Steen wrote: > On 08/02/06, Rodney Green wrote: > >>> I assume you use the Archive feature of MailScanner.... Apart from >>> dropping as much as possible (with the usual caveats about rbls in the >>> MTA etc) at the MTA, letting MS do anything more before archiving the >>> mail would defeat the purpose of the feature (saving as pristine a >>> copy as possible). >>> Instead of using that feature you might instead "archive" by doing a >>> forward to an "archive recipient" in the Non Spam Actions, but then >>> you'd get them after MS had altered them.... Kind of a case of either >>> having the cake or eating it (if there is such a saying in >>> English-speaking countries:-). >>> >>> >> Thanks Glenn. I am using the MS archive feature. I'd like to be able to >> continue archiving mail into individual user mbox files but I'd also >> like to eliminate all of the spam that is being stored in those files >> taking up unnecessary space on the drive. It would be nice if one could >> use the same archiving feature for non spam mail. >> >> > Ok. Unfortunately, that's not really possible within MS as is now, > AFAICS (I also distinctly remember Jules commenting on this before.... > And giving the same answer... Check the ML archives @gmane, my memory > has been known to have been ... rusted.... before:). What you could do > is keep track of the spams/viruses (in the quarantine, perhaps) and > script up something that would "clean the archive, after the fact"... > Not really hard, but not really easy either... > > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060208/6935c437/attachment.html From randall.hand at gmail.com Wed Feb 8 20:32:49 2006 From: randall.hand at gmail.com (Randall Hand) Date: Wed Feb 8 20:41:45 2006 Subject: Outlook Rich Text Format messages - how to let through? References: <200602081721.k18HLAEs010652@bkserver.blacknight.ie> Message-ID: Rick Cooper dwford.com> writes: > > > > -----Original Message----- > > > I looked at this and I don't think it would work as a generic virus scanner > (would be called at the wrong time), but it doesn't look like it would be > too difficult to incorporate into MailScanner. However, the ytnefprocess.pl > has a couple of short commings I can see: > 1. It uses a lot of backticks, they could be replaced by internal perl in > most cases, except the external call to > /usr/bin/ytnef. That could be handled by SafePipe easily. > 2. It takes it's input from STDIN and outputs to STDOUT. That could be > changed to file I/O easy enough > > Since it would have to be called before the tnef handling it would have to > be called at the top of the explode function so the new attachments could be > extracted and scanned (I assume, Julian?). I would think this would be > better made a function and perhaps it could be used like the unrar where a > check for /usr/bin/ytnef is made and it's used if there and the calling > block is ignored if it's not there. The tests I did seemed to be fast and > created regular attachments from the tnef junk so I am thinking of patching > it in for my own installs but I am wondering what Julian thinks as far as > main-streaming it? > > I attached a copy of the perl script I used in testing > > Just saw this pop up on my BlogLines search feed, I'm the developer of ytnef. A friend of mine, Viraj Alankar (www.viraj.org) helped me develope yTnef and is an avid fan of Communigate. If you check his website, towards the bottom you'll see a set of scripts he put together to use ytnef & Clam antivirus with Communigate. You might find those a better starting point that the meager ytnef_process.pl . I'm not a perl guru, I'll freely admin that, so the ytnef_process.pl is really not much more than a "proof of concept". I've been meaning to revisit the code for ytnef for a while, & make it a little more "library friendly". Would any of you be willing to lend some expertise? From rcooper at dwford.com Wed Feb 8 20:44:09 2006 From: rcooper at dwford.com (Rick Cooper) Date: Wed Feb 8 20:44:15 2006 Subject: Outlook Rich Text Format messages - how to let through? In-Reply-To: <223f97700602081230p188b20c0n@mail.gmail.com> Message-ID: > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Glenn > Steen > Sent: Wednesday, February 08, 2006 3:30 PM > To: MailScanner discussion > Subject: Re: Outlook Rich Text Format messages - how to let through? > [...] > Hi Rick, > > Jules is on a 10-day holiday... Remind me to remind you in > approximately 9 days to "reopen" this thread (assuming it's gone > slumbering by then), so he doesn't miss this one. > Cheers, > -- > -- Glenn I will put it on my calendar, I think this would best be function and Julian is the one to make that decision, and I hate the idea of yet another patch to maintain ;-) Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Wed Feb 8 20:44:24 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Feb 8 20:44:30 2006 Subject: Archive Filter In-Reply-To: <43EA550F.8070404@nkpanama.com> References: <43EA3564.1030605@trayerproducts.com> <223f97700602081115p1cd16245h@mail.gmail.com> <43EA4EE5.6070201@trayerproducts.com> <223f97700602081222w43c71441n@mail.gmail.com> <43EA550F.8070404@nkpanama.com> Message-ID: <223f97700602081244r51083fc2r@mail.gmail.com> On 08/02/06, Alex Neuman van der Hans wrote: > True... you could set up a script that runs every so often and deletes > messages with X-Spam-Status: yes or something like that... right? > Yeah, well... If one runs MailWatch one could use the nice things in the maillog table to identify the "affected" messages... But the "hairy" part is to script up the part that edits the mbox file(s) on the fly (and safely), so to speak. Or perhaps there are some not-that-invasive tool around that could help with that... Haven't really looked for something like that. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From rcooper at dwford.com Wed Feb 8 20:52:18 2006 From: rcooper at dwford.com (Rick Cooper) Date: Wed Feb 8 20:52:26 2006 Subject: Outlook Rich Text Format messages - how to let through? In-Reply-To: Message-ID: > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Randall > Hand > Sent: Wednesday, February 08, 2006 3:33 PM > To: mailscanner@lists.mailscanner.info > Subject: Re: Outlook Rich Text Format messages - how to let through? > > > > > Rick Cooper dwford.com> writes: > > > > > > > > -----Original Message----- > > > > > I looked at this and I don't think it would work as a generic > virus scanner > > (would be called at the wrong time), but it doesn't look like > it would be > > too difficult to incorporate into MailScanner. However, the > ytnefprocess.pl > > has a couple of short commings I can see: > > 1. It uses a lot of backticks, they could be replaced by > internal perl in > > most cases, except the external call to > > /usr/bin/ytnef. That could be handled by SafePipe easily. > > 2. It takes it's input from STDIN and outputs to STDOUT. > That could be > > changed to file I/O easy enough > > > > Since it would have to be called before the tnef handling it > would have to > > be called at the top of the explode function so the new > attachments could be > > extracted and scanned (I assume, Julian?). I would think this would be > > better made a function and perhaps it could be used like the > unrar where a > > check for /usr/bin/ytnef is made and it's used if there and the calling > > block is ignored if it's not there. The tests I did seemed to > be fast and > > created regular attachments from the tnef junk so I am thinking > of patching > > it in for my own installs but I am wondering what Julian thinks > as far as > > main-streaming it? > > > > I attached a copy of the perl script I used in testing > > > > > > Just saw this pop up on my BlogLines search feed, I'm the > developer of ytnef. > > A friend of mine, Viraj Alankar (www.viraj.org) helped me > develope yTnef and is > an avid fan of Communigate. If you check his website, towards > the bottom you'll > see a set of scripts he put together to use ytnef & Clam antivirus with > Communigate. You might find those a better starting point that the meager > ytnef_process.pl . > > I'm not a perl guru, I'll freely admin that, so the > ytnef_process.pl is really > not much more than a "proof of concept". I've been meaning to > revisit the code > for ytnef for a while, & make it a little more "library > friendly". Would any of > you be willing to lend some expertise? > It looked like something put together to demonstrate it's purpose but it certainly provides a basic framework. I would be happy to give you anything I can, but while I will code it perl it's not my favorite either. Have to look at the perl/C frame work used in things like Mail::ClamAV as that uses the clamav libs and the perl c glue IIRCC. Thanks for noticing the thread! Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From steve.swaney at fsl.com Wed Feb 8 20:59:02 2006 From: steve.swaney at fsl.com (Stephen Swaney) Date: Wed Feb 8 20:59:06 2006 Subject: Archive Filter In-Reply-To: <223f97700602081244r51083fc2r@mail.gmail.com> Message-ID: <200602082059.k18Kx4lx016919@bkserver.blacknight.ie> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Glenn Steen > Sent: Wednesday, February 08, 2006 3:44 PM > To: MailScanner discussion > Subject: Re: Archive Filter > > On 08/02/06, Alex Neuman van der Hans wrote: > > True... you could set up a script that runs every so often and deletes > > messages with X-Spam-Status: yes or something like that... right? > > > Yeah, well... If one runs MailWatch one could use the nice things in > the maillog table to identify the "affected" messages... But the > "hairy" part is to script up the part that edits the mbox file(s) on > the fly (and safely), so to speak. Or perhaps there are some > not-that-invasive tool around that could help with that... Haven't > really looked for something like that. > http://search.cpan.org/~vparseval/Mail-MboxParser-0.55/MboxParser.pm I'm sure there are more Perl modules for working with mailboxes but this one look like it would do the heavy lifting. Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com From ssilva at sgvwater.com Wed Feb 8 21:11:44 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Feb 8 21:13:07 2006 Subject: OT: Shell Script In-Reply-To: <223f97700602081049v5da6e2c8k@mail.gmail.com> References: <43E8E215.4060702@trayerproducts.com> <20060207182156.GA26518@bnl.gov> <223f97700602080308m3a5e8a2o@mail.gmail.com> <20060208135844.GA13896@bnl.gov> <223f97700602080811o1adee9c9j@mail.gmail.com> <43EA2C17.8010205@nkpanama.com> <223f97700602081049v5da6e2c8k@mail.gmail.com> Message-ID: Glenn Steen spake the following on 2/8/2006 10:49 AM: > On 08/02/06, Alex Neuman van der Hans wrote: >> Up to recently I'd do a sync;sync;shutdown [parameters]... >> > :-) ... And when was the last time you did that on a system that a) > didn't do an fs sync in the shutdown command itself, and b) actually > needed the time it took for you to type the rest to complete the first > sync _and_ didn't block during the sync...? Oh well, ancient history > that turned into one of thos unix legends:-). For our younger audince, > one might add that this was sometime just after the dinosaurs went > extinct, and probably before the invention of the eraseable > tty...:-):-) > > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se And hard wired core memory! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From gmane at tippingmar.com Wed Feb 8 21:20:51 2006 From: gmane at tippingmar.com (Mark Nienberg) Date: Wed Feb 8 21:21:25 2006 Subject: x86_64 mail servers In-Reply-To: <43EA3FDB.6060701@evi-inc.com> References: <43EA3FDB.6060701@evi-inc.com> Message-ID: Matt Kettler wrote: > Mark Nienberg wrote: >> I've seen comments on this list that the x86_64 didn't seem to make much >> difference and I admit it is simpler to use the plain x86 version, but >> it bothers me a little to intentionally not use the software that is >> specifically configured for the chip. > > Why does it bother you? > > Theoretically x86-64 should be slightly slower for most uses unless you: > > 1) have a process that needs > 4gb of virtual address space > -or- > 2) does a lot of 64 bit math that can't be performed with SSE > > The ability to have huge processes and large amounts of physical ram is the > primary benefit of using a 64 bit computing architecture. The drawback is that > pointers become larger, taking up more memory, and causing more memory I/O than > would be needed if the app was 32bit. Unless you're actually using the larger > memory space you're increasing overhead without any benefit whatsoever. Very few > apps have such large memory footprints outside the realm of scientific > simulation or massive database crunching. > > > The other benefit of a 64bit computing architecture is the ability to do 64 bit > math operations in one instruction instead of a series of 32 bit operations. > However, very few applications regularly have any use for 64 bit operations > outside of crypto, some games, and high-end engineering/physics. Even these > regularly get their needs filled by using SSE, so the 64-bit math benefit is > very limited. > > There's some benefit here to apps using 64-bit file offsets or 64 bit time > format, but I've never seen a "regular" application where either kind of > calculation was performed often enough to have a noticeable impact on > performance. Some scientific simulations may do a lot of 64bit time > calculations, but most of those could readily use SSE for it. > So I can take the easy way out and not feel guilty about it? Fantastic! Thanks for your explanation. Mark Nienberg From mailscanner at lightpro.de Wed Feb 8 21:57:32 2006 From: mailscanner at lightpro.de (mailscanner@lightpro.de) Date: Wed Feb 8 21:57:37 2006 Subject: global switch to set which domains ar scanned Message-ID: <1139435852.30230@lightpro1.lightpro.de> Hi! I've got the following problem (it's similar to the problem I've posted before, but now I think I know what it is): In the old version of our mailscanner there was the ability to switch all scanning of and on via ruleset: Config old: # # Virus Scanning and Vulnerability Testing # ---------------------------------------- # # Do you want to scan email for viruses? # A few people don't have a virus scanner licence and so want to disable # all the virus scanning. # NOTE: This switch actually switches on/off all processing of the email # messages. If you just want to switch off actual virus scanning, # then set "Virus Scanners = none" instead. But in the new Version (Debian Sarge - 4.41.3) this paragraph isn't listed there anymore. So, is there any other option available with which I can reach the same goal (switching scanning on/off globally for whole Domains/e-Mail addresses)? Thanks a lot! Kind Regards! Ingo From glenn.steen at gmail.com Wed Feb 8 21:57:46 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Feb 8 21:57:53 2006 Subject: Archive Filter In-Reply-To: <200602082059.k18Kx4lx016919@bkserver.blacknight.ie> References: <223f97700602081244r51083fc2r@mail.gmail.com> <200602082059.k18Kx4lx016919@bkserver.blacknight.ie> Message-ID: <223f97700602081357ta48ca14i@mail.gmail.com> On 08/02/06, Stephen Swaney wrote: > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > > bounces@lists.mailscanner.info] On Behalf Of Glenn Steen > > Sent: Wednesday, February 08, 2006 3:44 PM > > To: MailScanner discussion > > Subject: Re: Archive Filter > > > > On 08/02/06, Alex Neuman van der Hans wrote: > > > True... you could set up a script that runs every so often and deletes > > > messages with X-Spam-Status: yes or something like that... right? > > > > > Yeah, well... If one runs MailWatch one could use the nice things in > > the maillog table to identify the "affected" messages... But the > > "hairy" part is to script up the part that edits the mbox file(s) on > > the fly (and safely), so to speak. Or perhaps there are some > > not-that-invasive tool around that could help with that... Haven't > > really looked for something like that. > > > > http://search.cpan.org/~vparseval/Mail-MboxParser-0.55/MboxParser.pm > > I'm sure there are more Perl modules for working with mailboxes but this one > look like it would do the heavy lifting. > > Steve > Seems to be only RO, so would perhaps not work... And there is the problem of rewriting an mbox that is getting appended to (by MS). All that would be simpler (as always:-) in a Maildir-ish environment... :) In a life with more time.... -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From joshua.hirsh at partnersolutions.ca Wed Feb 8 22:16:36 2006 From: joshua.hirsh at partnersolutions.ca (Joshua Hirsh) Date: Wed Feb 8 22:16:40 2006 Subject: global switch to set which domains ar scanned Message-ID: > I've got the following problem (it's similar to the problem > I've posted before, but now I think I know what it is): > > In the old version of our mailscanner there was the ability > to switch all scanning of and on via ruleset: Hi Ingo, Take a look at the "Scan Messages" configuration option. If you configure it with a ruleset, it will do what you're looking to accomplish. I wouldn't refer to 4.41.3 as "new" though, as it was released in May of 2005. You should consider upgrading to the latest stable (4.50.15), as it has numerous speed enhancements and other new features/fixes. Cheers ;-) -Joshua From mailscanner at lightpro.de Wed Feb 8 22:23:53 2006 From: mailscanner at lightpro.de (mailscanner@lightpro.de) Date: Wed Feb 8 22:24:03 2006 Subject: global switch to set which domains ar scanned Message-ID: <1139437433.3727@lightpro1.lightpro.de> Hi! Joshua Hirsh wrote .. > > I've got the following problem (it's similar to the problem > > I've posted before, but now I think I know what it is): > > > > In the old version of our mailscanner there was the ability > > to switch all scanning of and on via ruleset: > > > Hi Ingo, > > Take a look at the "Scan Messages" configuration option. If you configure > it with a ruleset, it will do what you're looking to accomplish. > Thanks a lot! But I don't have this conf option :) I've solved the problem with a ruleset for "Dangerous Content Scanning". Then it works... > I wouldn't refer to 4.41.3 as "new" though, as it was released in May > of 2005. You should consider upgrading to the latest stable (4.50.15), > as it has numerous speed enhancements and other new features/fixes. > It's the latest Debian Stable Version. Debian is somehow very conservative with new versions :) Kind Regards, Ingo > > Cheers ;-) > > -Joshua > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From listacct at tulsaconnect.com Thu Feb 9 02:03:10 2006 From: listacct at tulsaconnect.com (TCIS List Acct) Date: Thu Feb 9 02:03:14 2006 Subject: Per-Domain Whitelist not honoring IP addresses In-Reply-To: <1139421402.16590.140.camel@localhost.localdomain> References: <43EA2C7A.7030809@tulsaconnect.com> <1139421402.16590.140.camel@localhost.localdomain> Message-ID: <43EAA2DE.5080006@tulsaconnect.com> Steve Freegard wrote: > Hi Mike, > > On Wed, 2006-02-08 at 11:38 -0600, TCIS List Acct wrote: > >>I'm using the &ByDomainSpamWhitelist function in 4.47.4. I have a >>"global" whitelist file located at: >> >>/etc/MailScanner/spam.bydomain/whitelist/default >> >>The file contains domain names, one per line. I recently tried to add >>an IP address to it, e.g. >> >>1.2.3. >> >>which should match 1.2.3.4, 1.2.3.5, etc. per the documentation in >>CustomConfig.pm. >> >>However, mail from those hosts are still being marked as spam / not >>being whitelisted. Domain names contained in that file are working >>fine. Did I miss something? > > > Yes - wildcards are not supported at all. The functionality is exact > match only. > > Regards, > Steve. > Hrmm. So my only option if I wanted to whitelist, for instance, a Class C network, would be to go back to the default MailScanner whitelist functionality and ditch the per-domain stuff? -- ----------------------------------------- Mike Bacher / listacct@tulsaconnect.com TCIS - TulsaConnect Internet Services http://www.tulsaconnect.com ----------------------------------------- From ishukor at gmail.com Thu Feb 9 07:58:23 2006 From: ishukor at gmail.com (Ishukor) Date: Thu Feb 9 07:58:34 2006 Subject: MailScanner And Mailwatch no Virus detected ? Message-ID: <43EAF61F.1020906@gmail.com> Hi, I have upgraded my MailScanner from 4.48.4-2 to version 4.50.15-1 and Mailwatch 1.03 using fedora Core 4, Its running fine accept no viruses was detected by mailwatch, I noticed that previously virus was mark spam+virus but now just spam thats its why no viruses log appeared on mailwatch is it a new feature? I really need the virus to be logged so I can view the report. Thanks N Brgds. From jorgen at giversen.net Thu Feb 9 08:13:21 2006 From: jorgen at giversen.net (sysadm) Date: Thu Feb 9 08:13:23 2006 Subject: MailScanner And Mailwatch no Virus detected ? In-Reply-To: <43EAF61F.1020906@gmail.com> References: <43EAF61F.1020906@gmail.com> Message-ID: <43EAF9A1.9070506@giversen.net> Ishukor skrev: > Hi, > > I have upgraded my MailScanner from 4.48.4-2 to version 4.50.15-1 and > Mailwatch 1.03 using fedora Core 4, Its running fine accept no viruses > was detected by mailwatch, I noticed that previously virus was mark > spam+virus but now just spam thats its why no viruses log appeared on > mailwatch is it a new feature? I really need the virus to be logged so > I can view the report. > > Thanks N Brgds. I have the exact same problem using RHEL4 exim 4.43, MailScanner 4.50.15-1 Mailwatch 1.03 Regards J?rgen Giversen From glenn.steen at gmail.com Thu Feb 9 08:52:08 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Feb 9 08:52:12 2006 Subject: MailScanner And Mailwatch no Virus detected ? In-Reply-To: <43EAF9A1.9070506@giversen.net> References: <43EAF61F.1020906@gmail.com> <43EAF9A1.9070506@giversen.net> Message-ID: <223f97700602090052o454c2202w@mail.gmail.com> On 09/02/06, sysadm wrote: > Ishukor skrev: > > Hi, > > > > I have upgraded my MailScanner from 4.48.4-2 to version 4.50.15-1 and > > Mailwatch 1.03 using fedora Core 4, Its running fine accept no viruses > > was detected by mailwatch, I noticed that previously virus was mark > > spam+virus but now just spam thats its why no viruses log appeared on > > mailwatch is it a new feature? I really need the virus to be logged so > > I can view the report. > > > > Thanks N Brgds. > I have the exact same problem using RHEL4 exim 4.43, MailScanner > 4.50.15-1 Mailwatch 1.03 > Regards J?rgen Giversen > Have you checked the setting of "Keep Spam And MCP Archive Clean" in /etc/MailScanner/MailScanner.conf? I presume that if you run (manually) an AV-scanner on the spam quarantine, you get some virus hits? If the above is set to no, and the quarantined messages aren't delivered anywhere (by a deliver of forward Action), MailScanner will just keep them as spam... And you have another situation, where "timing" might be responsible for viruses residing in the spam quarantine... (A message is scanned for viruses/spam, found to be spam and thus quarantined.... and later an AV update pops in a new signature for the virus it contains, so a subsequent scan of the spam quarantine will then detect the virus the message actually contains....). Cheers, -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From a.peacock at chime.ucl.ac.uk Thu Feb 9 09:04:23 2006 From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Thu Feb 9 09:04:31 2006 Subject: Archive Filter In-Reply-To: <223f97700602081357ta48ca14i@mail.gmail.com> References: <223f97700602081244r51083fc2r@mail.gmail.com> <200602082059.k18Kx4lx016919@bkserver.blacknight.ie> <223f97700602081357ta48ca14i@mail.gmail.com> Message-ID: <43EB0597.8040905@chime.ucl.ac.uk> Glenn Steen wrote: > On 08/02/06, Stephen Swaney wrote: >>> -----Original Message----- >>> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >>> bounces@lists.mailscanner.info] On Behalf Of Glenn Steen >>> Sent: Wednesday, February 08, 2006 3:44 PM >>> To: MailScanner discussion >>> Subject: Re: Archive Filter >>> >>> On 08/02/06, Alex Neuman van der Hans wrote: >>>> True... you could set up a script that runs every so often and deletes >>>> messages with X-Spam-Status: yes or something like that... right? >>>> >>> Yeah, well... If one runs MailWatch one could use the nice things in >>> the maillog table to identify the "affected" messages... But the >>> "hairy" part is to script up the part that edits the mbox file(s) on >>> the fly (and safely), so to speak. Or perhaps there are some >>> not-that-invasive tool around that could help with that... Haven't >>> really looked for something like that. >>> >> http://search.cpan.org/~vparseval/Mail-MboxParser-0.55/MboxParser.pm >> >> I'm sure there are more Perl modules for working with mailboxes but this one >> look like it would do the heavy lifting. >> >> Steve >> > Seems to be only RO, so would perhaps not work... And there is the > problem of rewriting an mbox that is getting appended to (by MS). All > that would be simpler (as always:-) in a Maildir-ish environment... :) > In a life with more time.... Look for Mail::Box::Manager on CPAN. I use this a lot for manageing mailbox files, it even copes with locking. -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "The most exciting phrase to hear in science, the one that heralds new discoveries, is not 'Eureka!' but 'That's funny....'" -- Isaac Asimov From dhawal at netmagicsolutions.com Thu Feb 9 09:29:31 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Thu Feb 9 09:29:38 2006 Subject: MailScanner And Mailwatch no Virus detected ? In-Reply-To: <223f97700602090052o454c2202w@mail.gmail.com> References: <43EAF61F.1020906@gmail.com> <43EAF9A1.9070506@giversen.net> <223f97700602090052o454c2202w@mail.gmail.com> Message-ID: <20060209092931.4511.qmail@mymail.netmagicians.com> Glenn Steen writes: > On 09/02/06, sysadm wrote: >> Ishukor skrev: >> > Hi, >> > >> > I have upgraded my MailScanner from 4.48.4-2 to version 4.50.15-1 and >> > Mailwatch 1.03 using fedora Core 4, Its running fine accept no viruses >> > was detected by mailwatch, I noticed that previously virus was mark >> > spam+virus but now just spam thats its why no viruses log appeared on >> > mailwatch is it a new feature? I really need the virus to be logged so >> > I can view the report. >> > >> > Thanks N Brgds. >> I have the exact same problem using RHEL4 exim 4.43, MailScanner >> 4.50.15-1 Mailwatch 1.03 >> Regards J?rgen Giversen >> > > Have you checked the setting of "Keep Spam And MCP Archive Clean" in > /etc/MailScanner/MailScanner.conf? > I presume that if you run (manually) an AV-scanner on the spam > quarantine, you get some virus hits? If the above is set to no, and > the quarantined messages aren't delivered anywhere (by a deliver of > forward Action), MailScanner will just keep them as spam... > And you have another situation, where "timing" might be responsible > for viruses residing in the spam quarantine... (A message is scanned > for viruses/spam, found to be spam and thus quarantined.... and later > an AV update pops in a new signature for the virus it contains, so a > subsequent scan of the spam quarantine will then detect the virus the > message actually contains....). > Cheers, i think that they are getting detected but not displayed in Mailwatch due to the new Virus Scanners = Auto setting.. looks like you'll need to redefine the Virus Regex in Mailwatch - dhawal From glenn.steen at gmail.com Thu Feb 9 09:34:48 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Feb 9 09:34:51 2006 Subject: MailScanner And Mailwatch no Virus detected ? In-Reply-To: <20060209092931.4511.qmail@mymail.netmagicians.com> References: <43EAF61F.1020906@gmail.com> <43EAF9A1.9070506@giversen.net> <223f97700602090052o454c2202w@mail.gmail.com> <20060209092931.4511.qmail@mymail.netmagicians.com> Message-ID: <223f97700602090134j6fd9a4a4h@mail.gmail.com> On 09/02/06, Dhawal Doshy wrote: > Glenn Steen writes: > > > On 09/02/06, sysadm wrote: > >> Ishukor skrev: > >> > Hi, > >> > > >> > I have upgraded my MailScanner from 4.48.4-2 to version 4.50.15-1 and > >> > Mailwatch 1.03 using fedora Core 4, Its running fine accept no viruses > >> > was detected by mailwatch, I noticed that previously virus was mark > >> > spam+virus but now just spam thats its why no viruses log appeared on > >> > mailwatch is it a new feature? I really need the virus to be logged so > >> > I can view the report. > >> > > >> > Thanks N Brgds. > >> I have the exact same problem using RHEL4 exim 4.43, MailScanner > >> 4.50.15-1 Mailwatch 1.03 > >> Regards J?rgen Giversen > >> > > > > Have you checked the setting of "Keep Spam And MCP Archive Clean" in > > /etc/MailScanner/MailScanner.conf? > > I presume that if you run (manually) an AV-scanner on the spam > > quarantine, you get some virus hits? If the above is set to no, and > > the quarantined messages aren't delivered anywhere (by a deliver of > > forward Action), MailScanner will just keep them as spam... > > And you have another situation, where "timing" might be responsible > > for viruses residing in the spam quarantine... (A message is scanned > > for viruses/spam, found to be spam and thus quarantined.... and later > > an AV update pops in a new signature for the virus it contains, so a > > subsequent scan of the spam quarantine will then detect the virus the > > message actually contains....). > > Cheers, > > i think that they are getting detected but not displayed in Mailwatch due to > the new Virus Scanners = Auto setting.. looks like you'll need to redefine > the Virus Regex in Mailwatch > > - dhawal True. Another thing would eb to be explicit about the AVs used in MailScanner.conf ... Until Steve finds the time to implement a similar "auto-detect" thing. But I guess that'll have to wait untill version 2:) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Thu Feb 9 10:03:48 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Feb 9 10:03:53 2006 Subject: Archive Filter In-Reply-To: <43EB0597.8040905@chime.ucl.ac.uk> References: <223f97700602081244r51083fc2r@mail.gmail.com> <200602082059.k18Kx4lx016919@bkserver.blacknight.ie> <223f97700602081357ta48ca14i@mail.gmail.com> <43EB0597.8040905@chime.ucl.ac.uk> Message-ID: <223f97700602090203g5a46ec10n@mail.gmail.com> On 09/02/06, Anthony Peacock wrote: > Glenn Steen wrote: > > On 08/02/06, Stephen Swaney wrote: > >>> -----Original Message----- > >>> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > >>> bounces@lists.mailscanner.info] On Behalf Of Glenn Steen > >>> Sent: Wednesday, February 08, 2006 3:44 PM > >>> To: MailScanner discussion > >>> Subject: Re: Archive Filter > >>> > >>> On 08/02/06, Alex Neuman van der Hans wrote: > >>>> True... you could set up a script that runs every so often and deletes > >>>> messages with X-Spam-Status: yes or something like that... right? > >>>> > >>> Yeah, well... If one runs MailWatch one could use the nice things in > >>> the maillog table to identify the "affected" messages... But the > >>> "hairy" part is to script up the part that edits the mbox file(s) on > >>> the fly (and safely), so to speak. Or perhaps there are some > >>> not-that-invasive tool around that could help with that... Haven't > >>> really looked for something like that. > >>> > >> http://search.cpan.org/~vparseval/Mail-MboxParser-0.55/MboxParser.pm > >> > >> I'm sure there are more Perl modules for working with mailboxes but this one > >> look like it would do the heavy lifting. > >> > >> Steve > >> > > Seems to be only RO, so would perhaps not work... And there is the > > problem of rewriting an mbox that is getting appended to (by MS). All > > that would be simpler (as always:-) in a Maildir-ish environment... :) > > In a life with more time.... > > Look for Mail::Box::Manager on CPAN. I use this a lot for manageing > mailbox files, it even copes with locking. > Oooh, nice. I actually saw that late last night, but prioritized sleeping, for some reason:-). As seen in various examples, like http://marc.theaimsgroup.com/?l=perl-mailbox&m=106941106608956&w=2 and the filter examples ... it would definitely be able to do what Rodney (and perhaps others too) needs. Just a simple case of finding the Message-IDs and greping out the messages and then deleting... Now, just to find the time to type something up...:-) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From ufficiotecnico at acknow.it Thu Feb 9 10:24:05 2006 From: ufficiotecnico at acknow.it (Ufficio tecnico Acknow S.r.l.) Date: Thu Feb 9 10:24:45 2006 Subject: postgresql Message-ID: <00ee01c62d62$f783c210$5f011eac@pcenrico> Hello, is it possible to use postgresql to log all related mail message like in mailwatch with mysql Thanks -------------------- Enrico Grava Acknow S.r.l. -------------------- -- Il messaggio e' stato analizzato alla ricerca di virus o contenuti pericolosi da MailScanner, ed e' risultato non infetto. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060209/9482cb88/attachment.html From mailscanner at mckerrs.net Thu Feb 9 11:28:05 2006 From: mailscanner at mckerrs.net (Mailscanner) Date: Thu Feb 9 11:28:22 2006 Subject: x86_64 mail servers In-Reply-To: References: <43EA3FDB.6060701@evi-inc.com> Message-ID: <43EB2745.4070204@mckerrs.net> Mark Nienberg wrote: > Matt Kettler wrote: > >> Mark Nienberg wrote: >> >>> I've seen comments on this list that the x86_64 didn't seem to make >>> much >>> difference and I admit it is simpler to use the plain x86 version, but >>> it bothers me a little to intentionally not use the software that is >>> specifically configured for the chip. >> >> >> Why does it bother you? >> >> Theoretically x86-64 should be slightly slower for most uses unless you: >> >> 1) have a process that needs > 4gb of virtual address space >> -or- >> 2) does a lot of 64 bit math that can't be performed with SSE >> >> The ability to have huge processes and large amounts of physical ram >> is the >> primary benefit of using a 64 bit computing architecture. The >> drawback is that >> pointers become larger, taking up more memory, and causing more >> memory I/O than >> would be needed if the app was 32bit. Unless you're actually using >> the larger >> memory space you're increasing overhead without any benefit >> whatsoever. Very few >> apps have such large memory footprints outside the realm of scientific >> simulation or massive database crunching. >> >> >> The other benefit of a 64bit computing architecture is the ability to >> do 64 bit >> math operations in one instruction instead of a series of 32 bit >> operations. >> However, very few applications regularly have any use for 64 bit >> operations >> outside of crypto, some games, and high-end engineering/physics. Even >> these >> regularly get their needs filled by using SSE, so the 64-bit math >> benefit is >> very limited. >> >> There's some benefit here to apps using 64-bit file offsets or 64 bit >> time >> format, but I've never seen a "regular" application where either kind of >> calculation was performed often enough to have a noticeable impact on >> performance. Some scientific simulations may do a lot of 64bit time >> calculations, but most of those could readily use SSE for it. >> > > So I can take the easy way out and not feel guilty about it? Fantastic! > > Thanks for your explanation. > > Mark Nienberg > One thing that the i386 version will do it disable AMD's cool 'n quiet. It appears only to work when you run in 64bit mode. My server runs in my garage so heat (or lack thereof) is more imporant to me than a 'slightly' slower machine. Has anyone quantified 'slightly' ? Bards. From glenn.steen at gmail.com Thu Feb 9 11:39:38 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Feb 9 11:39:40 2006 Subject: postgresql In-Reply-To: <00ee01c62d62$f783c210$5f011eac@pcenrico> References: <00ee01c62d62$f783c210$5f011eac@pcenrico> Message-ID: <223f97700602090339h3775fddak@mail.gmail.com> On 09/02/06, Ufficio tecnico Acknow S.r.l. wrote: > > Hello, > is it possible to use postgresql to log all related mail message like in > mailwatch with mysql > Thanks > > > > -------------------- > Enrico Grava > Acknow S.r.l. > -------------------- Steve is currently working on MailWatch version 2.0 that will use Postgresql instead of MySQL. IIRC there was much discussion about this more than a year ago on the mailwatch list, and possibly a patch or two... You could search that list;-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From jgg at giversen.net Thu Feb 9 11:39:58 2006 From: jgg at giversen.net (sysadm) Date: Thu Feb 9 11:40:00 2006 Subject: MailScanner And Mailwatch no Virus detected ? In-Reply-To: <20060209092931.4511.qmail@mymail.netmagicians.com> References: <43EAF61F.1020906@gmail.com> <43EAF9A1.9070506@giversen.net> <223f97700602090052o454c2202w@mail.gmail.com> <20060209092931.4511.qmail@mymail.netmagicians.com> Message-ID: <43EB2A0E.2030408@giversen.net> Dhawal Doshy skrev: > Glenn Steen writes: > > > i think that they are getting detected but not displayed in Mailwatch > due to > the new Virus Scanners = Auto setting.. looks like you'll need to > redefine > the Virus Regex in Mailwatch > > - dhawal Correct if I change the Virus Scanners = Auto setting back to its original setting it works fine again. -J?rgen Giversen From rgreen at trayerproducts.com Thu Feb 9 12:11:33 2006 From: rgreen at trayerproducts.com (Rodney Green) Date: Thu Feb 9 12:11:49 2006 Subject: Archive Filter In-Reply-To: <223f97700602090203g5a46ec10n@mail.gmail.com> References: <223f97700602081244r51083fc2r@mail.gmail.com> <200602082059.k18Kx4lx016919@bkserver.blacknight.ie> <223f97700602081357ta48ca14i@mail.gmail.com> <43EB0597.8040905@chime.ucl.ac.uk> <223f97700602090203g5a46ec10n@mail.gmail.com> Message-ID: <43EB3175.6070006@trayerproducts.com> Glenn Said: >> Look for Mail::Box::Manager on CPAN. I use this a lot for manageing >> mailbox files, it even copes with locking. >> >> > Oooh, nice. I actually saw that late last night, but prioritized > sleeping, for some reason:-). > As seen in various examples, like > http://marc.theaimsgroup.com/?l=perl-mailbox&m=106941106608956&w=2 > and the filter examples ... it would definitely be able to do what > Rodney (and perhaps others too) needs. Just a simple case of finding > the Message-IDs and greping out the messages and then deleting... Now, > just to find the time to type something up...:-) > > -- > I'm not much of a programmer so it would take me days to do something with that module. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Cleveland at winnefox.org Thu Feb 9 13:45:03 2006 From: Cleveland at winnefox.org (Jody Cleveland) Date: Thu Feb 9 13:39:58 2006 Subject: Outlook Rich Text Format messages - how to let through? Message-ID: <9720CA43F755A148BF65B6618B90CB941263A9@magneto.wals.local> So, is this new with this version of mailscanner? I've never had it block those messages before. - jody > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Jody Cleveland > Sent: Wednesday, February 08, 2006 11:11 AM > To: MailScanner discussion > Subject: RE: Outlook Rich Text Format messages - how to let through? > > > I vaguely remember someone (on this list or some other list) > > writing a > > utility to extract tnef (winmail.dat) and re-attach them as normal > > attachments. Let me see if i can dig it out. > > That would be fantastic, thank you. > > - jody > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From martinh at solid-state-logic.com Thu Feb 9 13:48:53 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Thu Feb 9 13:49:02 2006 Subject: Outlook Rich Text Format messages - how to let through? In-Reply-To: <9720CA43F755A148BF65B6618B90CB941263A9@magneto.wals.local> Message-ID: <000d01c62d7f$907a79c0$3004010a@martinhlaptop> Yes it's a new filetype/filename block with 4.50. I disable it as I find I get too many false positives. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Jody Cleveland > Sent: 09 February 2006 13:45 > To: MailScanner discussion > Subject: RE: Outlook Rich Text Format messages - how to let through? > > So, is this new with this version of mailscanner? I've never had it > block those messages before. > > - jody > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > > Of Jody Cleveland > > Sent: Wednesday, February 08, 2006 11:11 AM > > To: MailScanner discussion > > Subject: RE: Outlook Rich Text Format messages - how to let through? > > > > > I vaguely remember someone (on this list or some other list) > > > writing a > > > utility to extract tnef (winmail.dat) and re-attach them as normal > > > attachments. Let me see if i can dig it out. > > > > That would be fantastic, thank you. > > > > - jody > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From shuttlebox at gmail.com Thu Feb 9 14:01:24 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Thu Feb 9 14:01:28 2006 Subject: Archive Filter In-Reply-To: <43EA550F.8070404@nkpanama.com> References: <43EA3564.1030605@trayerproducts.com> <223f97700602081115p1cd16245h@mail.gmail.com> <43EA4EE5.6070201@trayerproducts.com> <223f97700602081222w43c71441n@mail.gmail.com> <43EA550F.8070404@nkpanama.com> Message-ID: <625385e30602090601s49f4e65en29b454d4ceb727c9@mail.gmail.com> On 2/8/06, Alex Neuman van der Hans wrote: > > True... you could set up a script that runs every so often and deletes > messages with X-Spam-Status: yes or something like that... right? The quarantine/archive stores messages as they were when they came in so they wouldn't have any X-Spam-Status headers you could rely on. -- /peter -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060209/c15df05e/attachment.html From alex at nkpanama.com Thu Feb 9 14:09:29 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Thu Feb 9 14:09:42 2006 Subject: Archive Filter In-Reply-To: <625385e30602090601s49f4e65en29b454d4ceb727c9@mail.gmail.com> References: <43EA3564.1030605@trayerproducts.com> <223f97700602081115p1cd16245h@mail.gmail.com> <43EA4EE5.6070201@trayerproducts.com> <223f97700602081222w43c71441n@mail.gmail.com> <43EA550F.8070404@nkpanama.com> <625385e30602090601s49f4e65en29b454d4ceb727c9@mail.gmail.com> Message-ID: <43EB4D19.1010409@nkpanama.com> True... Didn't think of that one... shuttlebox wrote: > On 2/8/06, *Alex Neuman van der Hans* > wrote: > > True... you could set up a script that runs every so often and > deletes messages with X-Spam-Status: yes or something like that... > right? > > > The quarantine/archive stores messages as they were when they came in > so they wouldn't have any X-Spam-Status headers you could rely on. > > -- > /peter -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060209/ab75ad7c/attachment.html From Cleveland at winnefox.org Thu Feb 9 14:20:09 2006 From: Cleveland at winnefox.org (Jody Cleveland) Date: Thu Feb 9 14:15:14 2006 Subject: Outlook Rich Text Format messages - how to let through? Message-ID: <9720CA43F755A148BF65B6618B90CB941263AE@magneto.wals.local> > Yes it's a new filetype/filename block with 4.50. > > I disable it as I find I get too many false positives. What's the proper way to disable it? I tried putting this into filetype.rules.conf: deny Transport Neutral Encapsulation Format Windows security vulnerability No Outlook Rich Text Format messages due to security hole, use HTML instead But, they still get blocked. I tried switching that to allow, and they still get blocked. - jody From jeff at dynamictelecard.com Thu Feb 9 14:18:48 2006 From: jeff at dynamictelecard.com (Jeff Davis) Date: Thu Feb 9 14:19:04 2006 Subject: Debugging & SA.pm Message-ID: <43EB4F48.4090505@dynamictelecard.com> I've narrowed my problem. Everything including mailwatch works fine except when I have Use Spamassassin = yes Then the messages just sit in the hold queue. I tried turnning on debugging in MailScanner.conf and I see this when I restart. Is this a db permissions problem? (That line has a CREATE TABLE statement.) Starting MailScanner daemons: incoming postfix: [ OK ] outgoing postfix: [ OK ] MailScanner: In Debugging mode, not forking... Can't call method "do" on an undefined value at /usr/lib/MailScanner/MailScanner/SA.pm line 172. [ OK ] From shuttlebox at gmail.com Thu Feb 9 14:19:02 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Thu Feb 9 14:19:07 2006 Subject: Outlook Rich Text Format messages - how to let through? In-Reply-To: <9720CA43F755A148BF65B6618B90CB941263AE@magneto.wals.local> References: <9720CA43F755A148BF65B6618B90CB941263AE@magneto.wals.local> Message-ID: <625385e30602090619g6041c93ci250a8fa63cd5c5f1@mail.gmail.com> On 2/9/06, Jody Cleveland wrote: > > What's the proper way to disable it? > > I tried putting this into filetype.rules.conf: > deny Transport Neutral Encapsulation Format Windows > security vulnerability No Outlook Rich > Text Format messages due to security hole, use HTML instead > > But, they still get blocked. I tried switching that to allow, and they > still get blocked. > Did you reload (or restart) MS? If you did, look for winmail.dat in filename.rules.conf. -- /peter -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060209/ee15d5ed/attachment.html From rgreen at trayerproducts.com Thu Feb 9 14:24:40 2006 From: rgreen at trayerproducts.com (Rodney Green) Date: Thu Feb 9 14:24:54 2006 Subject: Archive Filter In-Reply-To: <43EB4D19.1010409@nkpanama.com> References: <43EA3564.1030605@trayerproducts.com> <223f97700602081115p1cd16245h@mail.gmail.com> <43EA4EE5.6070201@trayerproducts.com> <223f97700602081222w43c71441n@mail.gmail.com> <43EA550F.8070404@nkpanama.com> <625385e30602090601s49f4e65en29b454d4ceb727c9@mail.gmail.com> <43EB4D19.1010409@nkpanama.com> Message-ID: <43EB50A8.6020908@trayerproducts.com> Alex Neuman van der Hans wrote: > True... Didn't think of that one... > > shuttlebox wrote: >> On 2/8/06, *Alex Neuman van der Hans* > > wrote: >> >> True... you could set up a script that runs every so often and >> deletes messages with X-Spam-Status: yes or something like >> that... right? >> >> >> The quarantine/archive stores messages as they were when they came in >> so they wouldn't have any X-Spam-Status headers you could rely on. >> >> -- >> /peter Seems like it would be a good thing to add the ability to apply a rules file like archive.rules to "non spam" mail actions. "Cross country skiing is great if you live in a small country." - Steven Wright Honor the Fallen -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Cleveland at winnefox.org Thu Feb 9 14:31:35 2006 From: Cleveland at winnefox.org (Jody Cleveland) Date: Thu Feb 9 14:26:33 2006 Subject: Outlook Rich Text Format messages - how to let through? Message-ID: <9720CA43F755A148BF65B6618B90CB941263BC@magneto.wals.local> > Did you reload (or restart) MS? If you did, look for > winmail.dat in filename.rules.conf. Yes, I did. There is an entry in filename.rules.conf for winmail.dat. Should that be set to allow? Also, in filetype, should that be allow? - jody From gborders at jlewiscooper.com Thu Feb 9 14:26:52 2006 From: gborders at jlewiscooper.com (Greg Borders) Date: Thu Feb 9 14:27:11 2006 Subject: Archive Filter In-Reply-To: <43EB4D19.1010409@nkpanama.com> References: <43EA3564.1030605@trayerproducts.com> <223f97700602081115p1cd16245h@mail.gmail.com> <43EA4EE5.6070201@trayerproducts.com> <223f97700602081222w43c71441n@mail.gmail.com> <43EA550F.8070404@nkpanama.com> <625385e30602090601s49f4e65en29b454d4ceb727c9@mail.gmail.com> <43EB4D19.1010409@nkpanama.com> Message-ID: <43EB512C.9080802@jlewiscooper.com> If you are using MailWatch, perhaps you could use the info stored in the database about the archived files, and do some pruning of messages thru that system instead. Possibility in that Steve? Greg. Borders SysAdmin JLC Co. Alex Neuman van der Hans wrote: > True... Didn't think of that one... > > shuttlebox wrote: >> On 2/8/06, *Alex Neuman van der Hans* > > wrote: >> >> True... you could set up a script that runs every so often and >> deletes messages with X-Spam-Status: yes or something like >> that... right? >> >> >> The quarantine/archive stores messages as they were when they came in >> so they wouldn't have any X-Spam-Status headers you could rely on. >> >> -- >> /peter > > -- > > Alex Neuman van der Hans > N&K Technology Consultants > Tel. +507 214-9002 - http://nkpanama.com/ > > -- > This transmission may contain information that is privileged, > confidential > and/or exempt from disclosure under applicable law. If you are not the > intended recipient, you are hereby notified that any disclosure, copying, > distribution, or use of the information contained herein (including any > reliance thereon) is STRICTLY PROHIBITED. If you received this > transmission > in error, please immediately contact the sender and destroy the > material in > its entirety, whether in electronic or hard copy format. Thank you. > > -- > This message has been scanned for viruses and > dangerous content by *MailScanner* , and is > believed to be clean. -- This transmission may contain information that is privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. Thank you. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060209/73569bfd/attachment.html From shuttlebox at gmail.com Thu Feb 9 14:30:09 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Thu Feb 9 14:30:12 2006 Subject: Outlook Rich Text Format messages - how to let through? In-Reply-To: <9720CA43F755A148BF65B6618B90CB941263BC@magneto.wals.local> References: <9720CA43F755A148BF65B6618B90CB941263BC@magneto.wals.local> Message-ID: <625385e30602090630i1276a2d4n872cb6b32f1d200e@mail.gmail.com> On 2/9/06, Jody Cleveland wrote: > > > Did you reload (or restart) MS? If you did, look for > > winmail.dat in filename.rules.conf. > > Yes, I did. There is an entry in filename.rules.conf for winmail.dat. > Should that be set to allow? Also, in filetype, should that be allow? > Allowed, removed or commented out. If you read the mail log it would tell you why it's blocking (file name and/or file type). -- /peter -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060209/9857757d/attachment.html From martinh at solid-state-logic.com Thu Feb 9 14:32:13 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Thu Feb 9 14:32:28 2006 Subject: Outlook Rich Text Format messages - how to let through? In-Reply-To: <9720CA43F755A148BF65B6618B90CB941263AE@magneto.wals.local> Message-ID: <002a01c62d85$a03f96a0$3004010a@martinhlaptop> Jody You need to check both the filenames.conf and filetypes.conf file and comment out the TNEF check lines. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Jody Cleveland > Sent: 09 February 2006 14:20 > To: MailScanner discussion > Subject: RE: Outlook Rich Text Format messages - how to let through? > > > Yes it's a new filetype/filename block with 4.50. > > > > I disable it as I find I get too many false positives. > > What's the proper way to disable it? > > I tried putting this into filetype.rules.conf: > deny Transport Neutral Encapsulation Format Windows > security vulnerability No Outlook Rich > Text Format messages due to security hole, use HTML instead > > But, they still get blocked. I tried switching that to allow, and they > still get blocked. > > - jody > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From alex at nkpanama.com Thu Feb 9 14:35:07 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Thu Feb 9 14:35:18 2006 Subject: Archive Filter In-Reply-To: <625385e30602090601s49f4e65en29b454d4ceb727c9@mail.gmail.com> References: <43EA3564.1030605@trayerproducts.com> <223f97700602081115p1cd16245h@mail.gmail.com> <43EA4EE5.6070201@trayerproducts.com> <223f97700602081222w43c71441n@mail.gmail.com> <43EA550F.8070404@nkpanama.com> <625385e30602090601s49f4e65en29b454d4ceb727c9@mail.gmail.com> Message-ID: <43EB531B.4040209@nkpanama.com> So... logically then, one way I see to do something like this would be: 1. Create an archive account 2. Set scan messages to a ruleset containing: From: 127.0.0.1 and To: archive@yourdomain.tld no # to prevent outsiders from e-mailing the archive account and going through unscanned FromOrTo: default yes 3. Have "Non spam actions" set to "deliver forward archive@yourdomain.tld" 4. Have "Archive Mail" set to a ruleset containing: To: archive@yourdomain.tld whereveryouwantyourarchive FromOrTo: default no 5. Figure out how to sort the single box into different mailboxes per user or domain or whatever. Right? shuttlebox wrote: > On 2/8/06, *Alex Neuman van der Hans* > wrote: > > True... you could set up a script that runs every so often and > deletes messages with X-Spam-Status: yes or something like that... > right? > > > The quarantine/archive stores messages as they were when they came in > so they wouldn't have any X-Spam-Status headers you could rely on. > > -- > /peter -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060209/1cdd6c50/attachment.html From glenn.steen at gmail.com Thu Feb 9 14:54:52 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Feb 9 14:54:56 2006 Subject: Archive Filter In-Reply-To: <43EB531B.4040209@nkpanama.com> References: <43EA3564.1030605@trayerproducts.com> <223f97700602081115p1cd16245h@mail.gmail.com> <43EA4EE5.6070201@trayerproducts.com> <223f97700602081222w43c71441n@mail.gmail.com> <43EA550F.8070404@nkpanama.com> <625385e30602090601s49f4e65en29b454d4ceb727c9@mail.gmail.com> <43EB531B.4040209@nkpanama.com> Message-ID: <223f97700602090654i7c597a7bg@mail.gmail.com> On 09/02/06, Alex Neuman van der Hans wrote: > So... logically then, one way I see to do something like this would be: > > 1. Create an archive account > 2. Set scan messages to a ruleset containing: > > From: 127.0.0.1 and To: archive@yourdomain.tld no # to prevent outsiders > from e-mailing the archive account and going through unscanned > FromOrTo: default yes > > 3. Have "Non spam actions" set to "deliver forward archive@yourdomain.tld" > 4. Have "Archive Mail" set to a ruleset containing: > To: archive@yourdomain.tld whereveryouwantyourarchive > FromOrTo: default no > 5. Figure out how to sort the single box into different mailboxes per user > or domain or whatever. > > Right? > Well, not really necessary. If I read you right, you could as easily just specify "archive@domain.tld" in the Archive Mail setting, and use the normal measures of your MTA to ensure noone can mail that one (apart from localhost:). If one has MS archiving to a directory (or a set of directories/user) then the archive copy is just a copy of the queue file ... So then the scripting needed becomes trivial... Simply trawl your log, or poll your MailWatch maillog, for the message queue file ids ("maillog.id" in MW) that contain a virus infection or is spam ... and remove the files. Downside with that is that the files _are_ queue files. Sigh. In the case of having things as mbox file(s), it gets a bit more iffy... You need (apart from finding the correct mbox to munge) uniquely identify the message and then use something like the Mail::Box thing to delete just that message in a safe way. IIUC, Rodney is using a ruleset on Archive Mail to put every recipients mail into separate mbox files. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Thu Feb 9 15:07:12 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Feb 9 15:07:15 2006 Subject: Debugging & SA.pm In-Reply-To: <43EB4F48.4090505@dynamictelecard.com> References: <43EB4F48.4090505@dynamictelecard.com> Message-ID: <223f97700602090707n65024c63j@mail.gmail.com> On 09/02/06, Jeff Davis wrote: > I've narrowed my problem. > Everything including mailwatch works fine except > when I have Use Spamassassin = yes > Then the messages just sit in the hold queue. > > I tried turnning on debugging in MailScanner.conf > and I see this when I restart. > Is this a db permissions problem? (That line has a CREATE TABLE statement.) > > > Starting MailScanner daemons: > incoming postfix: [ OK ] > outgoing postfix: [ OK ] > MailScanner: In Debugging mode, not forking... > Can't call method "do" on an undefined value at > /usr/lib/MailScanner/MailScanner/SA.pm line 172. > [ OK ] Yes, very likely. Your Run As user/group need be able to create the SQLite SA cache db-file in /var/spool/MailScanner/incoming. If you have upgraded, you might have done the same type of no-no I did.... Which is to say that I ran MailScanner --lint _before_ I had run the upgrade_MailScanner_conf ... The configuration had a spurious line in it that resulted in the lint running as root, creating the spam cache db with root privs ... which postfix (of course) couldn't live with:-). If this is is, you need remove that file, then try start MailScanner again. Cheers, -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From jeff at image-src.com Thu Feb 9 15:18:10 2006 From: jeff at image-src.com (Jeff Graves) Date: Thu Feb 9 15:18:18 2006 Subject: OT: Email Signature Spam Message-ID: <008701c62d8c$09b86a70$5a0a10ac@bellingham.imagesrc.com> One of the sales guys wants to add advertising information to the bottom of every email sent out. I know that this is spam and is no good, but does anyone have a website detailing why this is no good? My google searches keep bringing up why spam is no good and what to include in your signature but I couldn't find any guidelines for this type of spam. -- Jeff Graves, MCSA Image Source, Inc. 10 Mill Street Bellingham, MA 02019 508.966.5200 x31 - Phone 508.966.5170 - Fax jeff@image-src.com - Email www.image-src.com From naolson at gmail.com Thu Feb 9 15:36:33 2006 From: naolson at gmail.com (Nathan Olson) Date: Thu Feb 9 15:36:37 2006 Subject: MailScanner in login; Message-ID: <8f54b4330602090736o47a48735w78e588a2277a5074@mail.gmail.com> An article about the SPAM "solution" we did here. Requires USENIX membership. http://www.usenix.org/publications/login/2006-02/pdfs/wallman.pdf Nate From mailscanner at PDSCC.COM Thu Feb 9 15:55:43 2006 From: mailscanner at PDSCC.COM (Harondel J. Sibble) Date: Thu Feb 9 15:55:52 2006 Subject: procedures for getting stuff out of the quarantine on older MS version In-Reply-To: <43E77D59.1030007@ecs.soton.ac.uk> References: <200602100349.TAA26624@sheridan.sibble.net> Message-ID: <200602130321.TAA17950@sheridan.sibble.net> Sweet, I'll look forward to it, thanks On 6 Feb 2006 at 16:46, Julian Field wrote: > It's finally in beta-testing. The guy who wrote it rather tailored it to > our site unfortunately. I'll let you know when there is something > presentable for you. -- Harondel J. Sibble Sibble Computer Consulting Creating solutions for the small business and home computer user. help@pdscc.com (use pgp keyid 0x3AD5C11D) http://www.pdscc.com (604) 739-3709 (voice/fax) (604) 686-2253 (pager) From jonas.lilja at exallon.sigma.se Thu Feb 9 15:58:17 2006 From: jonas.lilja at exallon.sigma.se (Jonas Lilja) Date: Thu Feb 9 15:59:27 2006 Subject: problem with filetypes Message-ID: <34D06C003AA0EA4D8D9B9443E7BDDD9501CDE169@ikaros.exallon.sigma.se> Hi, i?ve just installed the latest version of MailScanner (4.50) and my problem is that the changes I do in MailScanner.conf according allowed filetypes don?t take effect even if I restart the MailScanner (the problem is that MailScanner blocks bmp-files). Here is a clip from my conf: -------------------------------- # Allow any attachment filetypes matching any of the patters listed here. # If this setting is empty, it is ignored and no matches are made. # This can also be the filetype of a ruleset. Allow Filetypes = \.bmp$ # Deny any attachment filetypes matching any of the patters listed here. # If this setting is empty, it is ignored and no matches are made. # This can also be the filetype of a ruleset. Deny Filetypes = # Set where to find the attachment filetype ruleset. # The structure of this file is explained elsewhere, but it is used to # accept or reject file attachments based on their content as determined # by the "file" command, regardless of whether they are infected or not. # # This can also point to a ruleset, but the ruleset filename must end in # ".rules" so that MailScanner can determine if the filename given is # a ruleset or not! # # To disable this feature, set this to just "Filetype Rules =" or set # the location of the file command to a blank string. # Filetype Rules = %etc-dir%/filetype.rules.conf Filetype Rules = %etc-dir%/rules/filetype.rules ------------------------------------- My /etc/MailScanner/rules/filetype.rules looks like this (note the "allow BMP"-row): allow text - - allow script - - allow archive - - allow postscript - - allow BMP - - allow JPG - - deny self-extract No self-extracting archives No self-extracting archives allowed deny executable No executables No programs allowed deny ELF No executables No programs allowed deny Registry No Windows Registry entries No Windows Registry files allowed #deny MPEG No MPEG movies No MPEG movies allowed #deny AVI No AVI movies No AVI movies allowed #deny MNG No MNG/PNG movies No MNG movies allowed #deny QuickTime No QuickTime movies No QuickTime movies allowed #deny ASF No Windows media No Windows media files allowed deny metafont No Windows Metafont drawings No WMF drawings allowed #deny TNEF Windows security vulnerability No Outlook Rich Text Format messages due to security hole, use HTML instead #deny Transport Neutral Encapsulation Format Windows security vulnerability No Outlook Rich Text Format messages due to security hole, use HTML instead I would be happy if someone could help me with this issue. Regards /Jonas Lilja, RHCT From nerijus at users.sourceforge.net Thu Feb 9 16:25:41 2006 From: nerijus at users.sourceforge.net (Nerijus Baliunas) Date: Thu Feb 9 16:30:17 2006 Subject: problem with filetypes In-Reply-To: <34D06C003AA0EA4D8D9B9443E7BDDD9501CDE169@ikaros.exallon.sigma.se> References: <34D06C003AA0EA4D8D9B9443E7BDDD9501CDE169@ikaros.exallon.sigma.se> Message-ID: <20060209162943.2F47DBE32@mx.dtiltas.lt> On Thu, 9 Feb 2006 16:58:17 +0100 Jonas Lilja wrote: > the problem is that MailScanner blocks bmp-files See filename.rules.conf. Regards, Nerijus From ssilva at sgvwater.com Thu Feb 9 16:35:53 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Feb 9 16:39:49 2006 Subject: Per-Domain Whitelist not honoring IP addresses In-Reply-To: <43EAA2DE.5080006@tulsaconnect.com> References: <43EA2C7A.7030809@tulsaconnect.com> <1139421402.16590.140.camel@localhost.localdomain> <43EAA2DE.5080006@tulsaconnect.com> Message-ID: TCIS List Acct spake the following on 2/8/2006 6:03 PM: > > > Steve Freegard wrote: >> Hi Mike, >> >> On Wed, 2006-02-08 at 11:38 -0600, TCIS List Acct wrote: >> >>> I'm using the &ByDomainSpamWhitelist function in 4.47.4. I have a >>> "global" whitelist file located at: >>> >>> /etc/MailScanner/spam.bydomain/whitelist/default >>> >>> The file contains domain names, one per line. I recently tried to >>> add an IP address to it, e.g. >>> >>> 1.2.3. >>> >>> which should match 1.2.3.4, 1.2.3.5, etc. per the documentation in >>> CustomConfig.pm. >>> >>> However, mail from those hosts are still being marked as spam / not >>> being whitelisted. Domain names contained in that file are working >>> fine. Did I miss something? >> >> >> Yes - wildcards are not supported at all. The functionality is exact >> match only. >> >> Regards, >> Steve. >> > > Hrmm. So my only option if I wanted to whitelist, for instance, a Class > C network, would be to go back to the default MailScanner whitelist > functionality and ditch the per-domain stuff? > There is a patch on the sourceforge site to allow the 3 octet match you want. http://sourceforge.net/tracker/index.php?func=detail&aid=1232929&group_id=87163&atid=582181 But it doesn't apply cleanly to the current code. You will have to do it manually. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Thu Feb 9 19:18:25 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Feb 9 19:19:14 2006 Subject: OT: Email Signature Spam In-Reply-To: <008701c62d8c$09b86a70$5a0a10ac@bellingham.imagesrc.com> References: <008701c62d8c$09b86a70$5a0a10ac@bellingham.imagesrc.com> Message-ID: Jeff Graves spake the following on 2/9/2006 7:18 AM: > One of the sales guys wants to add advertising information to the bottom of > every email sent out. I know that this is spam and is no good, but does > anyone have a website detailing why this is no good? My google searches keep > bringing up why spam is no good and what to include in your signature but I > couldn't find any guidelines for this type of spam. > Beat him with a clue-by-4 and be done with it! Does he have the clout to make this a company-wide decision? If not, he can put it in his own signature, and when your corporate ip gets on spam lists, HE can explain to the PHB's why client's can no longer get company mail. I know I have a small advert in my signature, but Julian probably doesn't mind! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Thu Feb 9 19:20:22 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Feb 9 19:32:59 2006 Subject: MailScanner in login; In-Reply-To: <8f54b4330602090736o47a48735w78e588a2277a5074@mail.gmail.com> References: <8f54b4330602090736o47a48735w78e588a2277a5074@mail.gmail.com> Message-ID: Nathan Olson spake the following on 2/9/2006 7:36 AM: > An article about the SPAM "solution" we did here. > Requires USENIX membership. > > http://www.usenix.org/publications/login/2006-02/pdfs/wallman.pdf > > Nate Not another members only club! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From naolson at gmail.com Thu Feb 9 19:37:02 2006 From: naolson at gmail.com (Nathan Olson) Date: Thu Feb 9 19:37:25 2006 Subject: MailScanner in login; In-Reply-To: References: <8f54b4330602090736o47a48735w78e588a2277a5074@mail.gmail.com> Message-ID: <8f54b4330602091137o2123cbd0le3b3e23857155ea3@mail.gmail.com> Sign, sign, everywhere a sign... Nate From dwinkler at algorithmics.com Thu Feb 9 20:17:06 2006 From: dwinkler at algorithmics.com (Derek Winkler) Date: Thu Feb 9 20:15:31 2006 Subject: Sophos 4.02 on MailScanner 4.46.2 Message-ID: <570A16F7DB56C242B26876067D682FD002308011@TORMAIL.algorithmics.com> Can anyone give Sophos 4.02 a thumbs up with MailScanner 4.46.2 before I install it? Thanks, Derek This email and any files transmitted with it are confidential and proprietary to Algorithmics Incorporated and its affiliates ("Algorithmics"). If received in error, use is prohibited. Please destroy, and notify sender. Sender does not waive confidentiality or privilege. Internet communications cannot be guaranteed to be timely, secure, error or virus-free. Algorithmics does not accept liability for any errors or omissions. Any commitment intended to bind Algorithmics must be reduced to writing and signed by an authorized signatory. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060209/76cd2a6d/attachment.html From jonas.lilja at exallon.sigma.se Thu Feb 9 20:14:39 2006 From: jonas.lilja at exallon.sigma.se (Jonas Lilja) Date: Thu Feb 9 20:17:39 2006 Subject: {Filename?} SV: problem with filetypes References: <34D06C003AA0EA4D8D9B9443E7BDDD9501CDE169@ikaros.exallon.sigma.se> <20060209162943.2F47DBE32@mx.dtiltas.lt> Message-ID: <34D06C003AA0EA4D8D9B9443E7BDDD956AD7@ikaros.exallon.sigma.se> Warning: This message has had one or more attachments removed Warning: (winmail.dat). Warning: Please read the "SigmaExallon-Attachment-Warning.txt" attachment(s) for more information. My filename.rules.conf looks like this; # # NOTE: Fields are separated by TAB characters --- Important! # # Syntax is allow/deny/deny+delete, then regular expression, then log text, # then user report text. # # If none of the rules match, then the filetype is allowed. allow text - - allow script - - allow archive - - allow postscript - - allow BMP - - allow JPG - - deny self-extract No self-extracting archives No self-extracting archives allowed deny executable No executables No programs allowed deny ELF No executables No programs allowed deny Registry No Windows Registry entries No Windows Registry files allowed #deny MPEG No MPEG movies No MPEG movies allowed #deny AVI No AVI movies No AVI movies allowed "/etc/MailScanner/filetype.rules.conf" 27L, 1237C Why does MailScanner block bmp?s even if I have allowed it in my conf-file? /Jonas ________________________________ Fr?n: mailscanner-bounces@lists.mailscanner.info genom Nerijus Baliunas Skickat: to 2006-02-09 17:25 Till: MailScanner discussion ?mne: Re: problem with filetypes On Thu, 9 Feb 2006 16:58:17 +0100 Jonas Lilja wrote: > the problem is that MailScanner blocks bmp-files See filename.rules.conf. Regards, Nerijus -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- This is a message from the MailScanner E-Mail Virus Protection Service ---------------------------------------------------------------------- The original e-mail attachment "winmail.dat" is on the list of unacceptable attachments for this site and has been replaced by this warning message. If you wish to receive a copy of the original attachment, please e-mail helpdesk and include the whole of this message in your request. Alternatively, you can call them, with the contents of this message to hand when you call. At Thu Feb 9 21:58:42 2006 the virus scanner said: MailScanner: No Outlook Rich Text Format messages due to security hole, use HTML instead (winmail.dat) Note to Help Desk: Look on the SigmaExallon () MailScanner in /var/spool/MailScanner/quarantine/20060209 (message k19KweIF008134). -- Postmaster Sigma Exallon AB www.exallon.sigma.se MailScanner thanks transtec Computers for their support From shuttlebox at gmail.com Thu Feb 9 20:28:57 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Thu Feb 9 20:29:01 2006 Subject: {Filename?} SV: problem with filetypes In-Reply-To: <34D06C003AA0EA4D8D9B9443E7BDDD956AD7@ikaros.exallon.sigma.se> References: <34D06C003AA0EA4D8D9B9443E7BDDD9501CDE169@ikaros.exallon.sigma.se> <20060209162943.2F47DBE32@mx.dtiltas.lt> <34D06C003AA0EA4D8D9B9443E7BDDD956AD7@ikaros.exallon.sigma.se> Message-ID: <625385e30602091228q69e8a9e6ocdbe35e0c4e8edab@mail.gmail.com> On 2/9/06, Jonas Lilja wrote: > > Warning: This message has had one or more attachments removed > Warning: (winmail.dat). > Warning: Please read the "SigmaExallon-Attachment-Warning.txt" > attachment(s) for more information. > > My filename.rules.conf looks like this; > > # > # NOTE: Fields are separated by TAB characters --- Important! > # > # Syntax is allow/deny/deny+delete, then regular expression, then log > text, > # then user report text. > # > # If none of the rules match, then the filetype is allowed. > allow text - - > allow script - - > allow archive - - > allow postscript - - > allow BMP - - > allow JPG - - > deny self-extract No self-extracting archives No self-extracting > archives allowed > deny executable No executables No programs allowed > deny ELF No executables No programs allowed > deny Registry No Windows Registry entries No Windows > Registry files allowed > #deny MPEG No MPEG movies No MPEG movies allowed > #deny AVI No AVI movies No AVI movies allowed > "/etc/MailScanner/filetype.rules.conf" 27L, 1237C > > Why does MailScanner block bmp?s even if I have allowed it in my > conf-file? > Because you still haven't looked in filename.rules.conf. What you just posted is filetypes.rules.conf. -- /peter -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060209/75a5402d/attachment-0001.html From naolson at gmail.com Thu Feb 9 20:34:34 2006 From: naolson at gmail.com (Nathan Olson) Date: Thu Feb 9 20:34:54 2006 Subject: {Filename?} SV: problem with filetypes In-Reply-To: <34D06C003AA0EA4D8D9B9443E7BDDD956AD7@ikaros.exallon.sigma.se> References: <34D06C003AA0EA4D8D9B9443E7BDDD9501CDE169@ikaros.exallon.sigma.se> <20060209162943.2F47DBE32@mx.dtiltas.lt> <34D06C003AA0EA4D8D9B9443E7BDDD956AD7@ikaros.exallon.sigma.se> Message-ID: <8f54b4330602091234xb4a3733i873b2a8654b468e@mail.gmail.com> Try 'allow \.bmp$ - -' in filename.rules.conf. Delete the 'allow BMP - -' line. Restart MailScanner and try again. Nate From naolson at gmail.com Thu Feb 9 20:40:15 2006 From: naolson at gmail.com (Nathan Olson) Date: Thu Feb 9 20:40:38 2006 Subject: {Filename?} SV: problem with filetypes In-Reply-To: <34D06C003AA0EA4D8D9B9443E7BDDD956AD7@ikaros.exallon.sigma.se> References: <34D06C003AA0EA4D8D9B9443E7BDDD9501CDE169@ikaros.exallon.sigma.se> <20060209162943.2F47DBE32@mx.dtiltas.lt> <34D06C003AA0EA4D8D9B9443E7BDDD956AD7@ikaros.exallon.sigma.se> Message-ID: <8f54b4330602091240m155ecfaax42e1198a16e2a17d@mail.gmail.com> There is a 'deny \.bmp$' line in filename.rules.conf by default. Comment this out. You don't have to add 'allow \.bmp$ - -' like my previous post stated. The "Delete the 'allow BMP - -' line" from my previous post was in reference to filetype.rules.conf. Apologies, Nate From jeff at dynamictelecard.com Thu Feb 9 20:45:35 2006 From: jeff at dynamictelecard.com (Jeff Davis) Date: Thu Feb 9 20:45:59 2006 Subject: Debugging & SA.pm In-Reply-To: <223f97700602090707n65024c63j@mail.gmail.com> References: <43EB4F48.4090505@dynamictelecard.com> <223f97700602090707n65024c63j@mail.gmail.com> Message-ID: <43EBA9EF.3050903@dynamictelecard.com> Yep, the SpamAssassin.cache.db was owned by root. Thanks! Glenn Steen wrote: > On 09/02/06, Jeff Davis wrote: >> I've narrowed my problem. >> Everything including mailwatch works fine except >> when I have Use Spamassassin = yes >> Then the messages just sit in the hold queue. >> >> I tried turnning on debugging in MailScanner.conf >> and I see this when I restart. >> Is this a db permissions problem? (That line has a CREATE TABLE statement.) >> >> >> Starting MailScanner daemons: >> incoming postfix: [ OK ] >> outgoing postfix: [ OK ] >> MailScanner: In Debugging mode, not forking... >> Can't call method "do" on an undefined value at >> /usr/lib/MailScanner/MailScanner/SA.pm line 172. >> [ OK ] > > Yes, very likely. Your Run As user/group need be able to create the > SQLite SA cache db-file in /var/spool/MailScanner/incoming. If you > have upgraded, you might have done the same type of no-no I did.... > Which is to say that I ran MailScanner --lint _before_ I had run the > upgrade_MailScanner_conf ... The configuration had a spurious line in > it that resulted in the lint running as root, creating the spam cache > db with root privs ... which postfix (of course) couldn't live > with:-). If this is is, you need remove that file, then try start > MailScanner again. > > Cheers, > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se From jonas.lilja at exallon.sigma.se Thu Feb 9 20:56:50 2006 From: jonas.lilja at exallon.sigma.se (Jonas Lilja) Date: Thu Feb 9 20:57:43 2006 Subject: SV: {Filename?} SV: problem with filetypes References: <34D06C003AA0EA4D8D9B9443E7BDDD9501CDE169@ikaros.exallon.sigma.se><20060209162943.2F47DBE32@mx.dtiltas.lt><34D06C003AA0EA4D8D9B9443E7BDDD956AD7@ikaros.exallon.sigma.se> <8f54b4330602091240m155ecfaax42e1198a16e2a17d@mail.gmail.com> Message-ID: <34D06C003AA0EA4D8D9B9443E7BDDD956AD9@ikaros.exallon.sigma.se> Thanks a lot, it worked!! /Regards /Jonas ________________________________ Fr?n: mailscanner-bounces@lists.mailscanner.info genom Nathan Olson Skickat: to 2006-02-09 21:40 Till: MailScanner discussion ?mne: Re: {Filename?} SV: problem with filetypes There is a 'deny \.bmp$' line in filename.rules.conf by default. Comment this out. You don't have to add 'allow \.bmp$ - -' like my previous post stated. The "Delete the 'allow BMP - -' line" from my previous post was in reference to filetype.rules.conf. Apologies, Nate -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/ms-tnef Size: 4147 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060209/e6c81350/attachment.bin From glenn.steen at gmail.com Fri Feb 10 00:20:56 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Feb 10 00:21:00 2006 Subject: OT: Email Signature Spam In-Reply-To: References: <008701c62d8c$09b86a70$5a0a10ac@bellingham.imagesrc.com> Message-ID: <223f97700602091620u15a9c1eaq@mail.gmail.com> On 09/02/06, Scott Silva wrote: > Jeff Graves spake the following on 2/9/2006 7:18 AM: > > One of the sales guys wants to add advertising information to the bottom of > > every email sent out. I know that this is spam and is no good, but does > > anyone have a website detailing why this is no good? My google searches keep > > bringing up why spam is no good and what to include in your signature but I > > couldn't find any guidelines for this type of spam. > > > Beat him with a clue-by-4 and be done with it! > > Does he have the clout to make this a company-wide decision? > If not, he can put it in his own signature, and when your corporate ip gets on > spam lists, HE can explain to the PHB's why client's can no longer get company > mail. I know I have a small advert in my signature, but Julian probably > doesn't mind! > Of course we don't mind some small reminder that people actually work for a living, and at companies at that... What most abhor is splashy HTML-infested graphically disabled crud. So if the small plug is pure text/no gfx and rather unobtrusive (more like the company stationary of bygone days), nobody will mind... But if it's annoying in any way, someone will likely start a BL just *because*...:-). > -- > > MailScanner is like deodorant... > You hope everybody uses it, and > you notice quickly if they don't!!!! > Still love this one Scott! -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From michele at blacknight.ie Fri Feb 10 00:32:01 2006 From: michele at blacknight.ie (Michele Neylon:: Blacknight.ie) Date: Fri Feb 10 00:32:02 2006 Subject: OT: Email Signature Spam In-Reply-To: <223f97700602091620u15a9c1eaq@mail.gmail.com> References: <008701c62d8c$09b86a70$5a0a10ac@bellingham.imagesrc.com> <223f97700602091620u15a9c1eaq@mail.gmail.com> Message-ID: <43EBDF01.40104@blacknight.ie> Glenn Steen wrote: > > Of course we don't mind some small reminder that people actually work > for a living, and at companies at that... What most abhor is splashy > HTML-infested graphically disabled crud. Exactly And if I get another stupid email from someone using that Plaxto (?) thing I'll scream >>MailScanner is like deodorant... >>You hope everybody uses it, and >>you notice quickly if they don't!!!! >> > > Still love this one Scott! It's a classic :) -- Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 From ssilva at sgvwater.com Fri Feb 10 00:56:49 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Feb 10 00:57:02 2006 Subject: OT: Email Signature Spam In-Reply-To: <43EBDF01.40104@blacknight.ie> References: <008701c62d8c$09b86a70$5a0a10ac@bellingham.imagesrc.com> <223f97700602091620u15a9c1eaq@mail.gmail.com> <43EBDF01.40104@blacknight.ie> Message-ID: Michele Neylon:: Blacknight.ie spake the following on 2/9/2006 4:32 PM: > Glenn Steen wrote: > >> Of course we don't mind some small reminder that people actually work >> for a living, and at companies at that... What most abhor is splashy >> HTML-infested graphically disabled crud. > > Exactly > And if I get another stupid email from someone using that Plaxto (?) > thing I'll scream > >>> MailScanner is like deodorant... >>> You hope everybody uses it, and >>> you notice quickly if they don't!!!! >>> >> Still love this one Scott! > > It's a classic :) > > > I hate that Plaxto crap!! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From dl6mpg at gmail.com Fri Feb 10 06:19:29 2006 From: dl6mpg at gmail.com (Uwe) Date: Fri Feb 10 06:19:32 2006 Subject: Sophos 4.02 on MailScanner 4.46.2 In-Reply-To: <570A16F7DB56C242B26876067D682FD002308011@TORMAIL.algorithmics.com> References: <570A16F7DB56C242B26876067D682FD002308011@TORMAIL.algorithmics.com> Message-ID: <3710be270602092219l2549303dy@mail.gmail.com> 2006/2/9, Derek Winkler : > Can anyone give Sophos 4.02 a thumbs up with MailScanner 4.46.2 before I > install it? Sophos 4.02 work fine for me with MailScanner-4.50.14. Uwe From a.peacock at chime.ucl.ac.uk Fri Feb 10 08:53:31 2006 From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Fri Feb 10 08:53:43 2006 Subject: Sophos 4.02 on MailScanner 4.46.2 In-Reply-To: <570A16F7DB56C242B26876067D682FD002308011@TORMAIL.algorithmics.com> References: <570A16F7DB56C242B26876067D682FD002308011@TORMAIL.algorithmics.com> Message-ID: <43EC548B.6030908@chime.ucl.ac.uk> Hi, Derek Winkler wrote: > > Can anyone give Sophos 4.02 a thumbs up with MailScanner 4.46.2 before I > install it? Works fine here with MailScanner 4.50... # sweep -v SWEEP virus detection utility Copyright (c) 1989-2006 Sophos Plc, www.sophos.com System time 08:51:18, System date 10 February 2006 Product version : 4.02.0 Engine version : 2.32.11 Virus data version : 4.02 User interface version : 2.07.127 Platform : Solaris/Intel Released : 06 February 2006 Total viruses (with IDEs) : 118619 # /opt/MailScanner/bin/MailScanner -V Running on SunOS inetsrv-1 5.8 Generic_117351-26 i86pc i386 i86pc This is Perl version 5.008002 (5.8.2) This is MailScanner version 4.50.15 -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "The most exciting phrase to hear in science, the one that heralds new discoveries, is not 'Eureka!' but 'That's funny....'" -- Isaac Asimov From shrek-m at gmx.de Fri Feb 10 12:07:11 2006 From: shrek-m at gmx.de (shrek-m@gmx.de) Date: Fri Feb 10 12:07:14 2006 Subject: Sophos 4.02 on MailScanner 4.46.2 In-Reply-To: <570A16F7DB56C242B26876067D682FD002308011@TORMAIL.algorithmics.com> References: <570A16F7DB56C242B26876067D682FD002308011@TORMAIL.algorithmics.com> Message-ID: <43EC81EF.7070008@gmx.de> On 09.02.2006 21:17, Derek Winkler wrote: > Can anyone give Sophos 4.02 a thumbs up with MailScanner 4.46.2 before > I install it? i do not know but ... sav 401 and ms 4.47.4-1 was ok sav 401 and ms 4.50.15-1 was ok sav 402 and ms 4.50.15-1 seems to be ok i see no reason for panic ... sav 397 = sep 2005 = 3.97 sav 398 = okt 2005 = 3.98 sav 399 = nov 2005 = 3.99 sav 400 = dez 2005 = 4.00 sav 401 = jan 2006 = 4.01 sav 402 = feb 2006 = 4.02 ... -- shrek-m From shrek-m at gmx.de Fri Feb 10 13:01:11 2006 From: shrek-m at gmx.de (shrek-m@gmx.de) Date: Fri Feb 10 13:01:13 2006 Subject: Sophos 4.02 on MailScanner 4.46.2 In-Reply-To: <43EC81EF.7070008@gmx.de> References: <570A16F7DB56C242B26876067D682FD002308011@TORMAIL.algorithmics.com> <43EC81EF.7070008@gmx.de> Message-ID: <43EC8E97.7070107@gmx.de> ... sav 322 = jun 1999 = 3.22 ... ... sav 362 = okt 2002 = 3.62 ... sav 374 = okt 2003 = 3.74 ... sav 386 = okt 2004 = 3.86 > ... > sav 397 = sep 2005 = 3.97 > sav 398 = okt 2005 = 3.98 > sav 399 = nov 2005 = 3.99 > sav 400 = dez 2005 = 4.00 > sav 401 = jan 2006 = 4.01 > sav 402 = feb 2006 = 4.02 > ... From rgreen at trayerproducts.com Fri Feb 10 13:04:05 2006 From: rgreen at trayerproducts.com (Rodney Green) Date: Fri Feb 10 13:04:27 2006 Subject: MailScanner Postfix question Message-ID: <43EC8F45.4000100@trayerproducts.com> Hello, Does MailScanner bypass Postfix's cleanup daemon? I can't remember at what point mail is reintroduced to Postfix from MailScanner. Thanks, Rod -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From dhawal at netmagicsolutions.com Fri Feb 10 13:11:47 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Fri Feb 10 13:11:36 2006 Subject: MailScanner Postfix question In-Reply-To: <43EC8F45.4000100@trayerproducts.com> References: <43EC8F45.4000100@trayerproducts.com> Message-ID: <43EC9113.8030909@netmagicsolutions.com> Rodney Green wrote: > Hello, > > Does MailScanner bypass Postfix's cleanup daemon? I can't remember at > what point mail is reintroduced to Postfix from MailScanner. The cleanup daemon takes care of header_checks, which is responsible for putting mails in the hold directory.. so no, mailscanner doesn't bypass the cleanup daemon. See: http://www.postfix.org/cleanup.8.html, for more details.. - dhawal > Thanks, > Rod > From rgreen at trayerproducts.com Fri Feb 10 13:40:38 2006 From: rgreen at trayerproducts.com (Rodney Green) Date: Fri Feb 10 13:40:56 2006 Subject: MailScanner Postfix question In-Reply-To: <43EC9113.8030909@netmagicsolutions.com> References: <43EC8F45.4000100@trayerproducts.com> <43EC9113.8030909@netmagicsolutions.com> Message-ID: <43EC97D6.9070000@trayerproducts.com> Dhawal Doshy wrote: > Rodney Green wrote: >> Hello, >> >> Does MailScanner bypass Postfix's cleanup daemon? I can't remember at >> what point mail is reintroduced to Postfix from MailScanner. > > The cleanup daemon takes care of header_checks, which is responsible > for putting mails in the hold directory.. so no, mailscanner doesn't > bypass the cleanup daemon. > > See: http://www.postfix.org/cleanup.8.html, for more details.. Thanks Dhawal. I was thinking that SMTPD did the header_checks. That is why I was confused as to whether or not cleanup is run. Rod -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From shrek-m at gmx.de Fri Feb 10 14:03:50 2006 From: shrek-m at gmx.de (shrek-m@gmx.de) Date: Fri Feb 10 14:03:54 2006 Subject: MajorSophos update In-Reply-To: <43E6B614.4010603@tippingmar.com> References: <43E6B614.4010603@tippingmar.com> Message-ID: <43EC9D46.4050601@gmx.de> On 06.02.2006 03:36, Mark Nienberg wrote: > According to the Sophos release notes: > > "There are two versions provided for Linux/Intel (libc6). Older libc6 > systems should use the Linux on Intel (using libc6) version. This will > work on systems with glibc 2.0 and 2.1. Newer libc6 systems with glibc > 2.2 or above should use the glibc 2.2 tarball; this incorporates new > features such as large file support and improved multi-threading > capabilities." > > I guess this has been true for some time, at least since okt 2003 and probably longer # ll downtmp/sophos/sav/200310/*intel* -rwxr-xr-x 1 admin admin 7366668 4. Okt 2003 downtmp/sophos/sav/200310/linux.intel.libc6.glibc.2.2.tar.Z -rwxr-xr-x 1 admin admin 7415457 29. Sep 2003 downtmp/sophos/sav/200310/linux.intel.libc6.tar.Z > but I have been happily (blindly?) using the older libc6 version with > no problems on systems that could be using the glibc2.2 version. afair both are ok under redhat >=rhl 7.2 fedora >= fc1 -- shrek-m From rgreen at trayerproducts.com Fri Feb 10 14:38:25 2006 From: rgreen at trayerproducts.com (Rodney Green) Date: Fri Feb 10 14:38:43 2006 Subject: OT: Email Signature Spam In-Reply-To: References: <008701c62d8c$09b86a70$5a0a10ac@bellingham.imagesrc.com> <223f97700602091620u15a9c1eaq@mail.gmail.com> <43EBDF01.40104@blacknight.ie> Message-ID: <43ECA561.5010803@trayerproducts.com> Scott Silva wrote: > I hate that Plaxto crap!! > > My uncle keeps sending me requests for my information from Plaxo. I finally just sent him the info again and said I am not comfortable using Plaxo and wouldn't give my info to them. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From thebet at tin.it Fri Feb 10 16:36:04 2006 From: thebet at tin.it (thebet@tin.it) Date: Fri Feb 10 16:36:06 2006 Subject: possible useful feature Message-ID: <20262918.1139589364130.JavaMail.root@pswm10.cp.tin.it> Hi. Just thinking about a particular scenario. Imagine a ISP of course with roaming users and implementing DNSBL with mailscanner. And this ISP usedrac for pop before smtp support. But....sometimes these roaming users are listed on some DNSBL (when some user1@domain writes to user2@domain fo example). Not good. So ISP have to create whitelist based on source mail address. Not a great solution. Would be nice to avoid dnsbl checks if source IP are listed on drac db. milter-greylist too is implementing this function in their develop release. Comments? From drew at themarshalls.co.uk Fri Feb 10 18:18:21 2006 From: drew at themarshalls.co.uk (Drew Marshall) Date: Fri Feb 10 18:18:34 2006 Subject: MailScanner Postfix question In-Reply-To: <43EC97D6.9070000@trayerproducts.com> References: <43EC8F45.4000100@trayerproducts.com> <43EC9113.8030909@netmagicsolutions.com> <43EC97D6.9070000@trayerproducts.com> Message-ID: On 10 Feb 2006, at 13:40, Rodney Green wrote: > > > Dhawal Doshy wrote: >> Rodney Green wrote: >>> Hello, >>> >>> Does MailScanner bypass Postfix's cleanup daemon? I can't >>> remember at what point mail is reintroduced to Postfix from >>> MailScanner. >> >> The cleanup daemon takes care of header_checks, which is >> responsible for putting mails in the hold directory.. so no, >> mailscanner doesn't bypass the cleanup daemon. >> >> See: http://www.postfix.org/cleanup.8.html, for more details.. > > Thanks Dhawal. I was thinking that SMTPD did the header_checks. > That is why I was confused as to whether or not cleanup is run. > > Rod Clean up also does the virtual alias resolving also, which is a point worth remembering as any addresses that are re-injected by MailScanner need to be deliverable by Postfix using either Transport (Maps if the route can not be identified by MX/ DNS) or local delivery agent (As these happen/work after the initial clean up and therefore after MailScanner does it's bit). If you use a virtual alias they will bounce as these are resolved and translated (Hence if you check your logs you will see real@virtual.dom,alias@virtual.domlisted as recipients. One is the address Postfix will use for delivery, the other the address the message was addressed to) before MailScanner gets the message. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From brose at med.wayne.edu Fri Feb 10 18:55:00 2006 From: brose at med.wayne.edu (Rose, Bobby) Date: Fri Feb 10 18:55:07 2006 Subject: MailScanner and Clientmqueue Message-ID: <8F2A53954C22554EB75D9643FCCE0C6B4884FD@MED-CORE03-MS1.med.wayne.edu> What would be the conditions for the messages generated by MailScanner would be dropped in to clientmqueue instead of mqueue. It seems that all my warning messages are being thrown in clientmqueue but it's odd that the ones that are sent to postmaster aren't. I've never had a queue runner running for clientmqueue since the box is just a mailrouter. -=Bobby From glenn.steen at gmail.com Fri Feb 10 20:38:28 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Feb 10 20:38:32 2006 Subject: possible useful feature In-Reply-To: <20262918.1139589364130.JavaMail.root@pswm10.cp.tin.it> References: <20262918.1139589364130.JavaMail.root@pswm10.cp.tin.it> Message-ID: <223f97700602101238m444b5699k@mail.gmail.com> On 10/02/06, thebet@tin.it wrote: > Hi. > Just thinking about a particular scenario. Imagine a ISP of course > with roaming users and implementing DNSBL with mailscanner. > And this > ISP usedrac for pop before smtp support. > But....sometimes these roaming > users are listed on some DNSBL (when some user1@domain writes to > user2@domain fo example). > Not good. So ISP have to create whitelist > based on source mail address. Not a great solution. > Would be nice to > avoid dnsbl checks if source IP are listed on drac db. > milter-greylist > too is implementing this function in their develop release. > Comments? > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > Apart from that you all in Italy should be concentrating on what's going on in Torino....? Well, don't do BLs in MailScanner then...! -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Fri Feb 10 20:58:22 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Feb 10 20:58:29 2006 Subject: MailScanner Postfix question In-Reply-To: References: <43EC8F45.4000100@trayerproducts.com> <43EC9113.8030909@netmagicsolutions.com> <43EC97D6.9070000@trayerproducts.com> Message-ID: <223f97700602101258g7fef5f79t@mail.gmail.com> On 10/02/06, Drew Marshall wrote: > > On 10 Feb 2006, at 13:40, Rodney Green wrote: > > > > > > > Dhawal Doshy wrote: > >> Rodney Green wrote: > >>> Hello, > >>> > >>> Does MailScanner bypass Postfix's cleanup daemon? I can't > >>> remember at what point mail is reintroduced to Postfix from > >>> MailScanner. > >> > >> The cleanup daemon takes care of header_checks, which is > >> responsible for putting mails in the hold directory.. so no, > >> mailscanner doesn't bypass the cleanup daemon. > >> > >> See: http://www.postfix.org/cleanup.8.html, for more details.. > > > > Thanks Dhawal. I was thinking that SMTPD did the header_checks. > > That is why I was confused as to whether or not cleanup is run. > > > > Rod > > Clean up also does the virtual alias resolving also, which is a point > worth remembering as any addresses that are re-injected by > MailScanner need to be deliverable by Postfix using either Transport > (Maps if the route can not be identified by MX/ DNS) or local > delivery agent (As these happen/work after the initial clean up and > therefore after MailScanner does it's bit). If you use a virtual > alias they will bounce as these are resolved and translated (Hence if > you check your logs you will see > real@virtual.dom,alias@virtual.domlisted as recipients. One is the > address Postfix will use for delivery, the other the address the > message was addressed to) before MailScanner gets the message. > > Drew > I'm sure you will correct me if I'm thinking in muddled puddles (as I seem to have been doing the last couple of days, or so), but there is one more thing worth noting with the singel queue/hold setup... Jules (and others) have been asking how to make Postfix split messages to more than one recipient, so that the messages are handled one message/recipient.... Here is why it doesn't really play with PF. The settings (*_recipient_limits) are enforced _after_ MailScanner does it's bit, so any such splitting would be entirely pointless.... Unfortunate, but (I think.... I confess I've been indulging in some nice Montepulchiano, just to honour the Olympics.... So might not have the best-working intellect:-) the only way to get at that functionality is to take Joshua Hirshs advice and use a dual-queue setup... Or does the defer happen prior to ... Oh bugger... You'd need a strange dual setup, or a *triple* setup to get this.... The first relaying through some delivery thing (and splitting them) onto the hold one, or the defer one... Sigh. Not good. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From alex at nkpanama.com Fri Feb 10 21:36:45 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Fri Feb 10 21:36:57 2006 Subject: possible useful feature In-Reply-To: <223f97700602101238m444b5699k@mail.gmail.com> References: <20262918.1139589364130.JavaMail.root@pswm10.cp.tin.it> <223f97700602101238m444b5699k@mail.gmail.com> Message-ID: <43ED076D.9070908@nkpanama.com> Use DNSBL's at the SA level, not at the MS level. And if you use them at the MTA level, make sure the MTA skips DNSBLs for AUTH users. Glenn Steen wrote: > On 10/02/06, thebet@tin.it wrote: > >> Hi. >> Just thinking about a particular scenario. Imagine a ISP of course >> with roaming users and implementing DNSBL with mailscanner. >> And this >> ISP usedrac for pop before smtp support. >> But....sometimes these roaming >> users are listed on some DNSBL (when some user1@domain writes to >> user2@domain fo example). >> Not good. So ISP have to create whitelist >> based on source mail address. Not a great solution. >> Would be nice to >> avoid dnsbl checks if source IP are listed on drac db. >> milter-greylist >> too is implementing this function in their develop release. >> Comments? >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> > Apart from that you all in Italy should be concentrating on what's > going on in Torino....? > Well, don't do BLs in MailScanner then...! > > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060210/9e239efd/attachment.html From drew at themarshalls.co.uk Fri Feb 10 23:04:44 2006 From: drew at themarshalls.co.uk (Drew Marshall) Date: Fri Feb 10 23:04:56 2006 Subject: MailScanner Postfix question In-Reply-To: <223f97700602101258g7fef5f79t@mail.gmail.com> References: <43EC8F45.4000100@trayerproducts.com> <43EC9113.8030909@netmagicsolutions.com> <43EC97D6.9070000@trayerproducts.com> <223f97700602101258g7fef5f79t@mail.gmail.com> Message-ID: <7F8C9C6B-DA7A-4628-B284-63176AEF67F7@themarshalls.co.uk> On 10 Feb 2006, at 20:58, Glenn Steen wrote: > I'm sure you will correct me if I'm thinking in muddled puddles (as I > seem to have been doing the last couple of days, or so), but there is > one more thing worth noting with the singel queue/hold setup... Jules > (and others) have been asking how to make Postfix split messages to > more than one recipient, so that the messages are handled one > message/recipient.... Here is why it doesn't really play with PF. The > settings (*_recipient_limits) are enforced _after_ MailScanner does > it's bit, so any such splitting would be entirely pointless.... > Unfortunate, but (I think.... I confess I've been indulging in some > nice Montepulchiano, just to honour the Olympics.... So might not have > the best-working intellect:-) the only way to get at that > functionality is to take Joshua Hirshs advice and use a dual-queue > setup... Or does the defer happen prior to ... Oh bugger... You'd need > a strange dual setup, or a *triple* setup to get this.... The first > relaying through some delivery thing (and splitting them) onto the > hold one, or the defer one... Sigh. Not good. Having been also celebrating the Olympics start, I think 'Yup' sums it up nicely! :-) The other issue is that Weitse is not a fan of splitting messages so the chances of this ever happening... Oh well. at least we are getting extended message codes and DSN (Just after the world turned off DSN...) Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From qgiesbrecht at snj.mb.ca Fri Feb 10 23:07:55 2006 From: qgiesbrecht at snj.mb.ca (Quintin Giesbrecht) Date: Fri Feb 10 23:08:30 2006 Subject: MailScanner Postfix question Message-ID: Thank you for your email. I will be away from the office from on Monday, February 13th.and returning on Tuesday, February 14th. I will respond to you as soon as possible upon my return. Should you require emergency assistance, please contact me on my cel at 204.392.6514. Q From mkettler at evi-inc.com Fri Feb 10 23:23:32 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Fri Feb 10 23:23:43 2006 Subject: MailScanner Postfix question In-Reply-To: References: Message-ID: <43ED2074.4040905@evi-inc.com> Quintin Giesbrecht wrote: > Thank you for your email. I will be away from the office from on Monday, February 13th.and returning on Tuesday, February 14th. I will respond to you as soon as possible upon my return. Should you require emergency assistance, please contact me on my cel at 204.392.6514. Ahh the evils of using groupwise carelessly.. Quintin, may I suggest the following for your groupwise vacation rule: http://www.novell.com/coolsolutions/gwmag/tips/t_cool_vacation_rule.html This at least adds the feature that the rule won't respond to mail unless it's addressed to you. From brad at beckenhauer.com Sat Feb 11 03:34:26 2006 From: brad at beckenhauer.com (Brad Beckenhauer) Date: Sat Feb 11 03:34:45 2006 Subject: MailScanner Postfix question References: <43ED2074.4040905@evi-inc.com> Message-ID: It would also be nice if management would let the GroupWise admins tell the internet agent (GWIA) to not allow rule generated messages to the Internet. >>> Matt Kettler 2/10/2006 5:23:32 PM >>> Quintin Giesbrecht wrote: > Thank you for your email. I will be away from the office from on Monday, February 13th.and returning on Tuesday, February 14th. I will respond to you as soon as possible upon my return. Should you require emergency assistance, please contact me on my cel at 204.392.6514. Ahh the evils of using groupwise carelessly.. Quintin, may I suggest the following for your groupwise vacation rule: http://www.novell.com/coolsolutions/gwmag/tips/t_cool_vacation_rule.html This at least adds the feature that the rule won't respond to mail unless it's addressed to you. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- Skipped content of type multipart/related From KShortt at ussco.com Sat Feb 11 21:49:35 2006 From: KShortt at ussco.com (Shortt, Kevin) Date: Sat Feb 11 21:49:45 2006 Subject: Dynamic archive file Message-ID: <122DFF9D468A2F4DAC3405E57A39DF780154CC4F@Fsc-Mail-2.na.ds.ussco.com> Hello everyone, I am looking to archive all email with MailScanner as it is processed. I currently use the archive feature with a rule-set. I am only backing up in (queue file format) for domains that I currently relay to clients with in-house Exchange servers. Thus I am the savior when the Micro$oft admin drops the ball. This is working very well. I want to add archiving for every message. Yet, I want to store in mbox format with the filename dynamically changing every hour. Current config: MailScanner Version Number = 4.35.11 Archive Mail = %rules-dir%/archive.rules Archive.rules file: # This stores the sendmail queue files. To: *@domain1.com /path/to/backup/directory_for_domain1 To: *@domain2.com /path/to/backup/directory_for_domain2 To: *@domain3.com /path/to/backup/directory_for_domain3 FromOrTo: default no I would like to remove my default line and archive everything else in mbox format. The filename needs to be CCYY-MM-DD-HH. Thus I will end up with a directory filled with files broken up with messages on an hourly basis. I then purge those on a daily basis, keeping a couple weeks worth of emails. Doing this with procmail is easy. (already doing it in fact). Yet MailScanner provides better protection at a different layer of the SMTP chain. I want to replace my procmail instance of archiving. Using perl to get the file format is easy. I have that work done. (I share that below..) I need to know how I am to get MailScanner to know that the archive filename changes every hour as the date and time changes. Any ideas? Does the custom function get called for every message? (I am not thinking so..correct me if I am wrong.) Can I call a custom function in the ruleset? Like... FromOrTo: /path/to/backup_dir/&myhourlyfilename This does not seem right. Any help is appreciated. Thanks... -k My date format with perl... ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~` $year = localtime->year + 1900 ; $month = sprintf ("%02d", localtime->mon); $day = sprintf ("%02d", localtime->mday); $hour = sprintf ("%02d", localtime->hour); print ("$year-$month-$day-$hour\n"); This generates the string... 2006-02-11-16 From itdept at fractalweb.com Sun Feb 12 01:22:56 2006 From: itdept at fractalweb.com (Chris Yuzik) Date: Sun Feb 12 01:23:15 2006 Subject: need advice on MTA and MDA Message-ID: <43EE8DF0.8080505@fractalweb.com> Hi everyone, We're getting a new server ready for deployment and it will be a shared "virtual domain" webserver/mailserver. Obviously will be running MailScanner et al. :-) The hardware is a dual-Xeon 3 GHz machine with 4 x 400 GB hard disks in a RAID-5 array, 2 GB of ECC memory all in a 1U server. It's about as loud as a large hovercraft--fortunately it won't be living in our office. It's been torture-tested for the past couple of months here at our office and it's more than rock-solid stable. We've decided on Centos 4.2, x86_64 edition for the OS. We're also going to be using Webmin and VirtualMin to make managing the virtual domains easier. Here's where the advice request comes in: Our old server that we're migrating /*from */runs Sendmail and Procmail. The new machine will be running _________ and _________. What is the concensus as to what those blanks should be? Should I stick with Sendmail, or move over to Qmail? What about Procmail? Postfix? Finally, our existing machine runs Squirrelmail and while it's very basic, it does the job. Any suggestions for a more robust webmail that's production ready? Cheers. From mstandish at gmail.com Sun Feb 12 01:47:11 2006 From: mstandish at gmail.com (Matt Standish) Date: Sun Feb 12 01:47:14 2006 Subject: need advice on MTA and MDA In-Reply-To: <43EE8DF0.8080505@fractalweb.com> References: <43EE8DF0.8080505@fractalweb.com> Message-ID: <39e688060602111747k2a3334e1v343a3319c2978c2b@mail.gmail.com> > > Finally, our existing machine runs Squirrelmail and while it's very > basic, it does the job. Any suggestions for a more robust webmail that's > production ready? > > How about the Horde project? http://www.horde.org/ It is a royal pain to setup but worth it once you get it running. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060211/ad6fbcf9/attachment.html From craigwhite at azapple.com Sun Feb 12 05:47:36 2006 From: craigwhite at azapple.com (Craig White) Date: Sun Feb 12 05:47:49 2006 Subject: need advice on MTA and MDA In-Reply-To: <43EE8DF0.8080505@fractalweb.com> References: <43EE8DF0.8080505@fractalweb.com> Message-ID: <1139723256.26032.108.camel@lin-workstation.azapple.com> On Sat, 2006-02-11 at 17:22 -0800, Chris Yuzik wrote: > Hi everyone, > > We're getting a new server ready for deployment and it will be a shared > "virtual domain" webserver/mailserver. Obviously will be running > MailScanner et al. :-) > > The hardware is a dual-Xeon 3 GHz machine with 4 x 400 GB hard disks in > a RAID-5 array, 2 GB of ECC memory all in a 1U server. It's about as > loud as a large hovercraft--fortunately it won't be living in our > office. It's been torture-tested for the past couple of months here at > our office and it's more than rock-solid stable. We've decided on Centos > 4.2, x86_64 edition for the OS. We're also going to be using Webmin and > VirtualMin to make managing the virtual domains easier. > > Here's where the advice request comes in: > > Our old server that we're migrating /*from */runs Sendmail and Procmail. > The new machine will be running _________ and _________. > > What is the concensus as to what those blanks should be? Should I stick > with Sendmail, or move over to Qmail? What about Procmail? Postfix? > > Finally, our existing machine runs Squirrelmail and while it's very > basic, it does the job. Any suggestions for a more robust webmail that's > production ready? ---- MTA = postfix MDA = cyrus/lmtp POP3/IMAP = cyrus webmail = horde mailscanner (of course), spamassassin/clamav sqlgrey (greylisting for postfix) cyrus is beautiful, sieve backend is powerful enough and much easier than procmail...users can't deal with procmail. Cyrus is designed for virtual hosting/virtual users (suggest you use LDAP but can use SQL backend) and then users don't have shells, home directories and other stuff to deal with). horde has 'ingo' for managing backend filtering allowing users to actually use procmail but it's messy to set up whereas sieve is a breeze. horde/imp/ingo are simply the best of the pack and the other packages are awesome too. Craig From h.swensson at hccnet.nl Sun Feb 12 14:46:37 2006 From: h.swensson at hccnet.nl (Herman Swensson) Date: Sun Feb 12 14:46:42 2006 Subject: MailScanner: WARNING: You are trying to use the SpamAssassin cache but your DBI and/or DBD::SQLite Perl modules are not properly installed! Message-ID: <200602121446.k1CEkdsa002622@smtp30.hccnet.nl> Hi, I have upgraded MailScanner to version 4.50.15 and I am getting the next new Messages: MailScanner: WARNING: You are trying to use the SpamAssassin cache but your DBI and/or DBD::SQLite Perl modules are not properly installed MailScanner setting GID to postfix (89) MailScanner setting UID to postfix (89) What does this mean cpan> install DBI CPAN: Storable loaded ok Going to read /root/.cpan/Metadata Database was generated on Mon, 16 Jan 2006 10:10:45 GMT DBI is up to date (1.50). cpan> install DBD::SQLite CPAN: Storable loaded ok Going to read /root/.cpan/Metadata Database was generated on Mon, 16 Jan 2006 10:10:45 GMT DBD::SQLite is up to date (1.11). Linux version is 2.6.9-19 Greetings Herman -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.375 / Virus Database: 267.15.6/257 - Release Date: 10-2-2006 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060212/86aa17d8/attachment.html From mgt at stellarcore.net Sun Feb 12 16:26:00 2006 From: mgt at stellarcore.net (Mike Tremaine) Date: Sun Feb 12 16:26:11 2006 Subject: Strange archive loop Message-ID: <1139761561.3256.9.camel@dwarfstar.stellarcore.net> 2 days ago a zip file came in that got stopped because it had a .exe inside of it. No problems there it did the right thing. But ever since then every email talks about it. ?? [See log snip below] I have since upgraded MailScanner and SpamAssassin [4.37 -> 4.50, and 3.0.4 -> 3.1.0]... No problems with the upgrades full start and stops and yet the messages continue. I've never seen a problem like this before, anyone have any clues? maillog: Feb 12 08:23:29 sigil sendmail[13991]: k1CGMcEb013991: from=, size=1349, class=0, nrcpts=2, msgid=<20050823GO45adhjhTVTT56u@kahramaa.com.qa >, proto=SMTP, daemon=MTA, relay=84-72-40-55.dclient.hispeed.ch [84.72.40.55] Feb 12 08:23:29 sigil sendmail[13991]: k1CGMcEb013991: to=, delay=00:00:08, mailer=smtp, pri=61349, stat=queued Feb 12 08:23:29 sigil sendmail[13991]: k1CGMcEb013991: to=, delay=00:00:08, mailer=smtp, pri=61349, stat=queued Feb 12 08:23:29 sigil MailScanner[12701]: New Batch: Found 2 messages waiting Feb 12 08:23:29 sigil MailScanner[12701]: New Batch: Scanning 1 messages, 1875 bytes Feb 12 08:23:30 sigil MailScanner[12701]: Archived message k1CGMcEb013991 to mbox file /var/spool/MailScanner/quarantine/20060210/k1AHJdDT014115/cal-waste-vpn.zip Feb 12 08:23:30 sigil MailScanner[12701]: Saved archive copies of k1CGMcEb013991 Feb 12 08:23:32 sigil MailScanner[12701]: Spam Checks: Found 1 spam messages Feb 12 08:23:32 sigil MailScanner[12701]: Virus and Content Scanning: Starting See the Archived message line.... I can cat the files directly in the mqueue.in and there is no attachments?? -Mike From mgt at stellarcore.net Sun Feb 12 16:50:41 2006 From: mgt at stellarcore.net (Mike Tremaine) Date: Sun Feb 12 16:50:50 2006 Subject: Strange archive loop In-Reply-To: <1139761561.3256.9.camel@dwarfstar.stellarcore.net> References: <1139761561.3256.9.camel@dwarfstar.stellarcore.net> Message-ID: <1139763042.3256.12.camel@dwarfstar.stellarcore.net> On Sun, 2006-02-12 at 08:26 -0800, Mike Tremaine wrote: > 2 days ago a zip file came in that got stopped because it had a .exe > inside of it. No problems there it did the right thing. But ever since > then every email talks about it. ?? [See log snip below] > > I have since upgraded MailScanner and SpamAssassin [4.37 -> 4.50, and > 3.0.4 -> 3.1.0]... No problems with the upgrades full start and stops > and yet the messages continue. I've never seen a problem like this > before, anyone have any clues? > > maillog: > > Feb 12 08:23:29 sigil sendmail[13991]: k1CGMcEb013991: from=, size=1349, class=0, nrcpts=2, msgid=<20050823GO45adhjhTVTT56u@kahramaa.com.qa >, proto=SMTP, daemon=MTA, relay=84-72-40-55.dclient.hispeed.ch [84.72.40.55] > Feb 12 08:23:29 sigil sendmail[13991]: k1CGMcEb013991: to=, delay=00:00:08, mailer=smtp, pri=61349, stat=queued > Feb 12 08:23:29 sigil sendmail[13991]: k1CGMcEb013991: to=, delay=00:00:08, mailer=smtp, pri=61349, stat=queued > Feb 12 08:23:29 sigil MailScanner[12701]: New Batch: Found 2 messages waiting > Feb 12 08:23:29 sigil MailScanner[12701]: New Batch: Scanning 1 messages, 1875 bytes > Feb 12 08:23:30 sigil MailScanner[12701]: Archived message k1CGMcEb013991 to mbox file /var/spool/MailScanner/quarantine/20060210/k1AHJdDT014115/cal-waste-vpn.zip > Feb 12 08:23:30 sigil MailScanner[12701]: Saved archive copies of k1CGMcEb013991 > Feb 12 08:23:32 sigil MailScanner[12701]: Spam Checks: Found 1 spam messages > Feb 12 08:23:32 sigil MailScanner[12701]: Virus and Content Scanning: Starting > > See the Archived message line.... > I can cat the files directly in the mqueue.in and there is no > attachments?? Never mind... sigh looks like someone who had more guts then knowledge edited Mailscanner.conf Archive Mail = /var/spool/MailScanner/quarantine/20060210/k1AHJdDT014115/cal-waste-vpn.zip err.... :/ [Guess i get to make a phone monday and ask nicely not to touch my configs...] -Mike From ugob at camo-route.com Sun Feb 12 18:21:57 2006 From: ugob at camo-route.com (Ugo Bellavance) Date: Sun Feb 12 18:22:33 2006 Subject: need advice on MTA and MDA In-Reply-To: <39e688060602111747k2a3334e1v343a3319c2978c2b@mail.gmail.com> References: <43EE8DF0.8080505@fractalweb.com> <39e688060602111747k2a3334e1v343a3319c2978c2b@mail.gmail.com> Message-ID: Matt Standish wrote: > > > Finally, our existing machine runs Squirrelmail and while it's very > basic, it does the job. Any suggestions for a more robust webmail > that's > production ready? > > > How about the Horde project? http://www.horde.org/ > > It is a royal pain to setup but worth it once you get it running. > It can be easily installed with yum in centos, it is now in the Extras repository. -- Ugo -> Please don't send a copy of your reply by e-mail. I read the list. -> Please avoid top-posting, long signatures and HTML, and cut the irrelevant parts in your replies. From mikej at rogers.com Sun Feb 12 18:42:20 2006 From: mikej at rogers.com (Mike Jakubik) Date: Sun Feb 12 18:42:17 2006 Subject: need advice on MTA and MDA In-Reply-To: <39e688060602111747k2a3334e1v343a3319c2978c2b@mail.gmail.com> References: <43EE8DF0.8080505@fractalweb.com> <39e688060602111747k2a3334e1v343a3319c2978c2b@mail.gmail.com> Message-ID: <43EF818C.4040601@rogers.com> Matt Standish wrote: > > > Finally, our existing machine runs Squirrelmail and while it's very > basic, it does the job. Any suggestions for a more robust webmail > that's > production ready? > > > How about the Horde project? http://www.horde.org/ > > It is a royal pain to setup but worth it once you get it running. > Horde/Imp is a horrible bloat of code. I would recommend you use squirrelmail instead. From mailscanner at PDSCC.COM Sun Feb 12 20:43:59 2006 From: mailscanner at PDSCC.COM (Harondel J. Sibble) Date: Sun Feb 12 20:44:06 2006 Subject: no messages tagged as spam Message-ID: <200602160809.AAA06926@sheridan.sibble.net> Have a bit of an odd one... Not sure if this is an MS, MW or SA problem, or a combination. I setup 2 mailscanner boxes running mailscanner-4.49.7-1 spamassassin-3.1.0-1 postfix-2.1.5-4.2.RHEL4 mailwatch 1.03 The boxes have essentially identical software (centos 4.2 and updates) and and configurations, except that they have different ip address scopes, hostnames and are setup for different domains, the hardware is pretty much identical. The only other thing different between the working system and the non working system is I upgraded the perl cpan stuff from the cpan shell on the non working system before installing SA, MS and MW. install Bundle::CPAN, reload cpan Config files for both for SA, MS and MW and postfix came from another test machine. On one machine, all is working fine, in MW can see listings of mail flowing through the system including ones tagged as spam. On the other system I can see all the messages that have come through the system but NONE of the 200 or so messages has been tagged as spam when at least 2/3 of them are blatantly spam. If I display the SA bayes database report in MW, its shows that stuff is being recognized as spam Bayes Database Information Number of Spam Messages: 83 Number of Ham Messages: 117 Number of Tokens: 5,545 Oldest Token: Sat, 4 Feb 2006 20:57:47 -0800 Newest Token: Sun, 12 Feb 2006 12:00:03 -0800 Last Journal Sync: Wed, 31 Dec 1969 16:00:00 -0800 Last Expiry: Wed, 31 Dec 1969 16:00:00 -0800 Last Expiry Reduction Count: 0 tokens I reduced the level to have something tagged as spam to 2 the MS conf file Required SpamAssassin Score = 2 Looking at the recent messages list in MW, most of the blattant spam is only getting at most a 1.6 score. Some of the messages are getting a 0.00 score. Not sure what I am missing or what I should be looking at to resolve this. Suggestions??? -- Harondel J. Sibble Sibble Computer Consulting Creating solutions for the small business and home computer user. help@pdscc.com (use pgp keyid 0x3AD5C11D) http://www.pdscc.com (604) 739-3709 (voice/fax) (604) 686-2253 (pager) From mstandish at gmail.com Sun Feb 12 21:43:36 2006 From: mstandish at gmail.com (Matt Standish) Date: Sun Feb 12 21:43:39 2006 Subject: need advice on MTA and MDA In-Reply-To: <43EF818C.4040601@rogers.com> References: <43EE8DF0.8080505@fractalweb.com> <39e688060602111747k2a3334e1v343a3319c2978c2b@mail.gmail.com> <43EF818C.4040601@rogers.com> Message-ID: <39e688060602121343m13e51872xe3662112af3d1cc@mail.gmail.com> > > > > > > > How about the Horde project? http://www.horde.org/ > > > > It is a royal pain to setup but worth it once you get it running. > > > > Horde/Imp is a horrible bloat of code. I would recommend you use > squirrelmail instead. > > > Horrible bloat maybe, but what does the user care about bloated code? To the user Horde is much better than SquirrelMail and it is the customer that pays the bills :) -- Matt Standish MSN Messenger: mps_@hotmail.com Yahoo Messenger: mattstandish@yahoo.com Google Talk: mstandish -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060212/1cd191fb/attachment.html From craigwhite at azapple.com Mon Feb 13 00:02:08 2006 From: craigwhite at azapple.com (Craig White) Date: Mon Feb 13 00:02:18 2006 Subject: no messages tagged as spam In-Reply-To: <200602160809.AAA06926@sheridan.sibble.net> References: <200602160809.AAA06926@sheridan.sibble.net> Message-ID: <1139788929.20169.39.camel@lin-workstation.azapple.com> On Sun, 2006-02-12 at 12:43 -0800, Harondel J. Sibble wrote: > Have a bit of an odd one... Not sure if this is an MS, MW or SA problem, or a > combination. > > I setup 2 mailscanner boxes running > > mailscanner-4.49.7-1 > spamassassin-3.1.0-1 > postfix-2.1.5-4.2.RHEL4 > mailwatch 1.03 > > The boxes have essentially identical software (centos 4.2 and updates) and > and configurations, except that they have different ip address scopes, > hostnames and are setup for different domains, the hardware is pretty much > identical. The only other thing different between the working system and the > non working system is I upgraded the perl cpan stuff from the cpan shell on > the non working system before installing SA, MS and MW. > > install Bundle::CPAN, reload cpan > > Config files for both for SA, MS and MW and postfix came from another test > machine. > > On one machine, all is working fine, in MW can see listings of mail flowing > through the system including ones tagged as spam. On the other system I can > see all the messages that have come through the system but NONE of the 200 or > so messages has been tagged as spam when at least 2/3 of them are blatantly > spam. > > If I display the SA bayes database report in MW, its shows that stuff is > being recognized as spam > > Bayes Database Information Number of Spam Messages: 83 > Number of Ham Messages: 117 > Number of Tokens: 5,545 > Oldest Token: Sat, 4 Feb 2006 20:57:47 -0800 > Newest Token: Sun, 12 Feb 2006 12:00:03 -0800 > Last Journal Sync: Wed, 31 Dec 1969 16:00:00 -0800 > Last Expiry: Wed, 31 Dec 1969 16:00:00 -0800 > Last Expiry Reduction Count: 0 tokens > > I reduced the level to have something tagged as spam to 2 the MS conf file > > Required SpamAssassin Score = 2 > > Looking at the recent messages list in MW, most of the blattant spam is only > getting at most a 1.6 score. Some of the messages are getting a 0.00 score. > > Not sure what I am missing or what I should be looking at to resolve this. > > Suggestions??? ---- not sure what you are updating via cpan but you should realize that when you have rpm based perl you should probably stay away from cpan and use rpm based perl modules - pretty much all you should ever need is in CentOS and dag repositories and whatever is missing will be supplied by the mailscanner rpm install. I have noticed though, on a new setup, if I install mailscanner, a subsequent yum update will update several perl modules installed by mailscanner from dag's repository. this is what my install on a machine where I installed mailscanner 6 months ago looks like (probably should update mailscanner)... # rpm -qa|grep perl perl-URI-1.30-4 perl-libwww-perl-5.79-5 perl-Convert-ASN1-0.18-3 perl-MailTools-1.67-2.2.el4.rf perl-Net-CIDR-0.11-1.2.el4.rf perl-5.8.5-24.RHEL4 perl-HTML-Tagset-3.03-30 perl-libxml-enno-1.02-31 perl-Net-DNS-0.48-1 perl-Cyrus-2.2.12-9 perl-Archive-Zip-1.16-1.2.el4.rf perl-Time-HiRes-1.55-3 perl-Convert-BinHex-1.119-2.2.el4.rf perl-DBI-1.40-8 mod_perl-1.99_16-4.centos4 perl-Parse-Yapp-1.05-32 perl-XML-Dumper-0.71-2 perl-LDAP-0.31-5 perl-Digest-SHA1-2.07-5 perl-DBD-MySQL-2.9004-3.1 perl-Date-Calc-5.3-9 MailScanner-perl-MIME-Base64-3.05-5 perl-IO-stringy-2.110-1.2.el4.rf perl-DateManip-5.42a-3 perl-XML-Encoding-1.01-26 perl-Digest-HMAC-1.01-13 perl-Bit-Vector-6.3-3 perl-TimeDate-1.1301-3 perl-Net-LDAP-0.3202-1.2.el4.rf perl-Filter-1.30-6 newt-perl-1.08-7 perl-XML-Parser-2.34-5 perl-XML-SAX-0.12-7 perl-DBD-Pg-1.31-6 perl-Convert-TNEF-0.17-3.2.el4.rf perl-Authen-SASL-2.09-1.2.el4.rf perl-IO-Socket-SSL-0.97-1.2.el4.rf perl-MIME-tools-5.419-1.2.el4.rf perl-libxml-perl-0.07-30 perl-XML-NamespaceSupport-1.08-6 perl-HTML-Parser-3.45-1 perl-Net-SSLeay-1.25-3.2.el4.rf perl-Compress-Zlib-1.41-1.2.el4.rf perl-File-Tail-0.99.3-1.2.el4.rf Note that all of the perl modules installed by mailscanner are listed as well as the ones coming from dag (have the .rf designation) - NONE are installed from CPAN If you continue to install perl modules from CPAN, your risk messing things up. Craig From alex at nkpanama.com Mon Feb 13 00:24:33 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Mon Feb 13 00:24:49 2006 Subject: no messages tagged as spam In-Reply-To: <1139788929.20169.39.camel@lin-workstation.azapple.com> References: <200602160809.AAA06926@sheridan.sibble.net> <1139788929.20169.39.camel@lin-workstation.azapple.com> Message-ID: <43EFD1C1.5010401@nkpanama.com> Craig White wrote: > not sure what you are updating via cpan but you should realize that when > you have rpm based perl you should probably stay away from cpan and use > rpm based perl modules > > If you continue to install perl modules from CPAN, your risk messing > things up. > > Craig > > I've usually installed RPMs first, then MailScanner (and its own built-from-source RPMs), then updated through CPAN. Never had problems. Maybe I've just been lucky, I guess... ;) -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ From harryh at cet.com Mon Feb 13 01:11:23 2006 From: harryh at cet.com (Harry Hanson) Date: Mon Feb 13 01:12:32 2006 Subject: mailscanner log level In-Reply-To: <43EFD1C1.5010401@nkpanama.com> Message-ID: <005f01c6303a$692b9c60$6400a8c0@EDH> Prior to upgrade, mailscanner logged: Feb 12 15:47:07 mx02 MailScanner[3166]: Virus and Content Scanning: Starting Feb 12 15:47:08 mx02 MailScanner[3132]: New Batch: Found 2 messages waiting Feb 12 15:47:10 mx02 MailScanner[3132]: New Batch: Scanning 1 messages, 18049 bytes Feb 12 15:47:12 mx02 MailScanner[3132]: MCP Checks completed at 18049 bytes per second Feb 12 15:47:13 mx02 MailScanner[3166]: Virus Scanning completed at 200 bytes per second Feb 12 15:47:15 mx02 MailScanner[3132]: Spam Checks: Starting Feb 12 15:47:16 mx02 MailScanner[3166]: Requeue: D8F7CE791C.EA79C to 12DDFE7915 Feb 12 15:47:18 mx02 MailScanner[3166]: Uninfected: Delivered 1 messages Since upgrading, these entries are no longer logged (affecting mrtg output). How can I correct this? --- [This E-mail scanned for viruses] From michele at blacknight.ie Mon Feb 13 01:24:35 2006 From: michele at blacknight.ie (Michele Neylon:: Blacknight.ie) Date: Mon Feb 13 01:24:37 2006 Subject: mailscanner log level In-Reply-To: <005f01c6303a$692b9c60$6400a8c0@EDH> References: <005f01c6303a$692b9c60$6400a8c0@EDH> Message-ID: <43EFDFD3.10908@blacknight.ie> Harry Hanson wrote: > > How can I correct this? > It sounds like you changed something in your config, possibly overwriting MailScanner.conf with the new one I'd check the log settings in that to start with -- Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 From listacct at tulsaconnect.com Mon Feb 13 04:18:09 2006 From: listacct at tulsaconnect.com (TCIS List Acct) Date: Mon Feb 13 04:18:14 2006 Subject: More 4.50.15 woes on FreeBSD - Update In-Reply-To: <43E9FB4D.6040402@tulsaconnect.com> References: <002401c62cb4$78784080$3004010a@martinhlaptop> <43E9FB4D.6040402@tulsaconnect.com> Message-ID: <43F00881.2000108@tulsaconnect.com> TCIS List Acct wrote: > I guess my next step is to upgrade to Perl 5.8.8, as that seemed to be > the only difference between your setup and mine. What version of exim > are you running? > Ok, I was able to get some time today to experiment. I took an existing 4.47.4 box and removed all Perl packages, Perl itself, exim, etc and started with fresh installs of everything. I installed Perl 5.8.7 from ports (which was the latest available), as well as exim 4.60 and its associated programs. I then used the ./install.sh script from the MailScanner distribution to install all of the correct/up to date Perl packages and MailScanner 4.50.15 itself, and downloaded the .tar.gz of SpamAssassin 3.1.0 and did a perl Makefile.PL style install. Any missing Perl modules (e.g. Net::DNS) were then installed via CPAN. Long story short, this has made no difference on the problem I am having -- after an hour or so, MailScanner spirals out of control and chews up all RAM on the box, leaving it totally dead. I've tried: - Disabling various virus scanners (I normally use mcafee, f-prot, and kaspersky) - Disabling Hyperthreading via the BIOS (I've heard HT sometimes causes problems) - Disabling the new SA cache feature - Messing with the number of child processes (the box is 2 x 2.8GHz Xeon, I've used 5-10 child processes at various times) - Messing with the Queue scan interval - Removing all custom rulesets (mostly from SARE) from /etc/mail/spamassassin - Turning on debug mode for both MailScanner and SpamAssassin Nothing seems to help the situation. I can reproduce the problem across 4 different boxes, and simply changing the symlink back to 4.47.4 fixes the problem, so the problem _must_ be something that has changed between 4.47.4 and 4.5.15. The boxes are all under moderate load (I can get specific figures if needed) and have never had a problem with any previous MailScanner version. Julian, where do we go from here? I really don't want to be stuck on 4.47.4 forever. -- ----------------------------------------- Mike Bacher / listacct@tulsaconnect.com TCIS - TulsaConnect Internet Services http://www.tulsaconnect.com ----------------------------------------- From mailscanner at PDSCC.COM Mon Feb 13 04:55:56 2006 From: mailscanner at PDSCC.COM (Harondel J. Sibble) Date: Mon Feb 13 04:56:03 2006 Subject: no messages tagged as spam In-Reply-To: <43EFD1C1.5010401@nkpanama.com> References: <1139788929.20169.39.camel@lin-workstation.azapple.com> Message-ID: <200602161621.IAA09058@sheridan.sibble.net> On 12 Feb 2006 at 19:24, Alex Neuman van der Hans wrote: > > If you continue to install perl modules from CPAN, your risk messing > > things up. > > > I've usually installed RPMs first, then MailScanner (and its own > built-from-source RPMs), then updated through CPAN. Never had problems. > Maybe I've just been lucky, I guess... ;) Actually I just realized what happened... I think... the bayes engine finally got enough messages to do it's thing. Spam is now being properly classified. Yah! Not sure why it was working fine on the other box I setup. -- Harondel J. Sibble Sibble Computer Consulting Creating solutions for the small business and home computer user. help@pdscc.com (use pgp keyid 0x3AD5C11D) http://www.pdscc.com (604) 739-3709 (voice/fax) (604) 686-2253 (pager) From Jan-Peter.Koopmann at seceidos.de Mon Feb 13 08:14:55 2006 From: Jan-Peter.Koopmann at seceidos.de (Koopmann, Jan-Peter) Date: Mon Feb 13 08:15:00 2006 Subject: More 4.50.15 woes on FreeBSD - Update Message-ID: On Monday, February 13, 2006 5:18 AM TCIS List Acct wrote: > 4.47.4 fixes the problem, so the problem _must_ be something that has > changed between 4.47.4 and 4.5.15. Oh we all agree that something in the code triggers this. But the code itself clearly works since other people do not have these problems (me included). It must be something box specific. If you install perl modules by hand on FreeBSD you might have conflicts of port based perl modules and the ones you installed from CPAN. I again strongly recommend that you use ports only on FreeBSD. The ports are proberly tested and contain many sometimes important patches. Try the current mailscanner port on a clean box or wait a few more days until 4.50 is commited to the ports tree. If you do this, you will not need install.sh which is not particularly FreeBSD aware. Sorry if I cannot be of greater help but all I can say is: It works here and in many other places. Kind regards, JP From philipp.snizek at terreactive.ch Mon Feb 13 08:52:51 2006 From: philipp.snizek at terreactive.ch (Philipp Snizek) Date: Mon Feb 13 08:52:58 2006 Subject: mailscanner behind a smtpd frontend Message-ID: <1139820771.6757.19.camel@philipp.terreactive.ch> Hi I have here an architecture I'm not too happy with. It looks like this: inet -- smtpd -- antispam gw (mailscanner) -- LAN The problem I see here is that the antispam gw gets mails with headers from the smtpd. Thus, if the smtpd forwards spam the antispam gw learns that (SA autolearn enabled). I'd prefer to have the antispam gw as a mail frontend. However, from firewalling point of view my client wants to make sure that only smtp transactions reach the antispam gw. I have following ideas how to deal with this problem: a) have mailscanner remove the smtpd's received:from header line b) tell SA to ignore the smtpd's received:from header line c) use a transparent smtpd service However, I wonder what of this is possible and if there are other (better) ideas. Thanks a lot Philipp From glenn.steen at gmail.com Mon Feb 13 09:45:39 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Feb 13 09:45:44 2006 Subject: mailscanner behind a smtpd frontend In-Reply-To: <1139820771.6757.19.camel@philipp.terreactive.ch> References: <1139820771.6757.19.camel@philipp.terreactive.ch> Message-ID: <223f97700602130145qcd13bedx@mail.gmail.com> On 13/02/06, Philipp Snizek wrote: > Hi > > > I have here an architecture I'm not too happy with. > It looks like this: > > inet -- smtpd -- antispam gw (mailscanner) -- LAN > > The problem I see here is that the antispam gw gets mails with headers > from the smtpd. Thus, if the smtpd forwards spam the antispam gw learns > that (SA autolearn enabled). > I'd prefer to have the antispam gw as a mail frontend. > However, from firewalling point of view my client wants to make sure > that only smtp transactions reach the antispam gw. > > I have following ideas how to deal with this problem: > a) have mailscanner remove the smtpd's received:from header line > b) tell SA to ignore the smtpd's received:from header line > c) use a transparent smtpd service > > However, I wonder what of this is possible and if there are other > (better) ideas. > > Thanks a lot > > Philipp > Any modern firewall can do port forwarding with only "filtering", that is _no "stateful inspection" or suchlike intervention_. When we introduced Postfix&MailScanner as our "frontend MTA", that was mainly to get out of the bugginess and instability of the infamous SMTP proxy of the firewall we used at the time... (Yours wouldn't happen to be ... red?:-):-) We haven't looked back since. We get better protection and more control... And (due to both the public firewall and the on-box FW) we are confident there is no possibility of ... "traffic leakage". I suppose what I'm advocating is some variant of c). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From tac.forums at gmail.com Mon Feb 13 12:41:40 2006 From: tac.forums at gmail.com (TAC Forums) Date: Mon Feb 13 12:41:41 2006 Subject: [OT] sendmail priority Message-ID: The subject is slightly off topic, its Sendmail. We have a sendmail server, which we would like to configure with Real time blackhole lists, to reject as much SPAM as possible. Also we have SMTP Authentication enabled on the same server. If, a genuine user is on a blacklisted IP address and he uses our SMTP server, will his mail be rejected? What gets higher priority, during an incoming SMTP connection, SMTP authentication or Real time blackhole listing? Regards, Boskey -- TAC Support Team From shuttlebox at gmail.com Mon Feb 13 12:53:00 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Mon Feb 13 12:53:04 2006 Subject: Number of messages in a batch Message-ID: <625385e30602130453q7ee86a9fw3ae110178d13cf96@mail.gmail.com> I think the timings of the batch is interesting but it's hard to connect it to the number of messages in that batch. I use the default max batch size of 30 messages but during normal load MS starts processing a batch with typically 1-5 messages. I would like this log line: Batch processed in 9.58 seconds ...to look like this: Batch (24 messages) processed in 9.58 seconds Then it would be easy to see the throughput speed. Would that be easy to implement? Is that info available at the time the log line is written? -- /peter -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060213/59fad646/attachment.html From alex at nkpanama.com Mon Feb 13 12:55:16 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Mon Feb 13 12:55:24 2006 Subject: mailscanner behind a smtpd frontend In-Reply-To: <223f97700602130145qcd13bedx@mail.gmail.com> References: <1139820771.6757.19.camel@philipp.terreactive.ch> <223f97700602130145qcd13bedx@mail.gmail.com> Message-ID: <43F081B4.2000601@nkpanama.com> Glenn Steen wrote: > On 13/02/06, Philipp Snizek wrote: > >> c) use a transparent smtpd service >> >> >> > Any modern firewall can do port forwarding with only "filtering", that > is _no "stateful inspection" or suchlike intervention_. > When we introduced Postfix&MailScanner as our "frontend MTA", that was > mainly to get out of the bugginess and instability of the infamous > SMTP proxy of the firewall we used at the time... (Yours wouldn't > happen to be ... red?:-):-) We haven't looked back since. We get > better protection and more control... And (due to both the public > firewall and the on-box FW) we are confident there is no possibility > of ... "traffic leakage". > I suppose what I'm advocating is some variant of c). > > You *shouldn't* have to use any form of smtpd on the firewall. Check the firewall mailing lists; a firewall is a firewall is a firewall, not a server. It shouldn't be running any services. It should simply forward traffic transparently to your MS gateway. I have had a ton of problems with some boxes (I'm almost sure they were, in fact, red) wanting to proxy the mail. They either keep it to themselves and not tell anybody, crash and take the e-mails with them, prevent me from using RBL's at the MTA level (all e-mail appears to come from the box), process e-mail from shotgun spammers (something I deal with using greet_pause), prevent people from using SMTP AUTH properly, ... the list goes on. In fact, I remember a *bank* whose fancy schmancy (and red, now that you mention it) box broke once... The "red box guy" they had wasn't available, so they called me to see if there was something I could do. I enabled the second interface on the server, installed a custom firewall script + dhcp + dns (forward and reverse) + transparent squid + squidclamav, and within the hour everybody was back to normal... except for the fact that network throughput was somehow faster, we had full logging of everything we wanted to know about the network and how it was being used, etc. - you guys *know* what I'm talking about here. Unfortunately, the "red box guy" came about 4 hours later and restored insanity to the place; people still talk about those glorious 3 hours where "the network was fast, e-mail came through instantaneously, and people loved one another". The second interface on the server sits waiting for the day where the sysadmin will finally be able to work up the guts to sell the shiny red box on eBay (for at least the "books" value, so he can justify it) and finally have complete control of his network. -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060213/983699ed/attachment.html From alex at nkpanama.com Mon Feb 13 12:57:58 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Mon Feb 13 12:58:06 2006 Subject: [OT] sendmail priority In-Reply-To: References: Message-ID: <43F08256.40005@nkpanama.com> Sendmail skips the RBLs for AUTHd users, at least on the default configs from CentOS. I think it has to do with a "delay_checks" setting. Check sendmail.org's info on AUTH. TAC Forums wrote: > The subject is slightly off topic, its Sendmail. > > We have a sendmail server, which we would like to configure with Real > time blackhole lists, to reject as much SPAM as possible. Also we have > SMTP Authentication enabled on the same server. > > If, a genuine user is on a blacklisted IP address and he uses our SMTP > server, will his mail be rejected? > > What gets higher priority, during an incoming SMTP connection, SMTP > authentication or Real time blackhole listing? > > Regards, > > Boskey > > -- > TAC Support Team > -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ From glenn.steen at gmail.com Mon Feb 13 13:15:15 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Feb 13 13:15:19 2006 Subject: mailscanner behind a smtpd frontend In-Reply-To: <43F081B4.2000601@nkpanama.com> References: <1139820771.6757.19.camel@philipp.terreactive.ch> <223f97700602130145qcd13bedx@mail.gmail.com> <43F081B4.2000601@nkpanama.com> Message-ID: <223f97700602130515n5be4cf9by@mail.gmail.com> On 13/02/06, Alex Neuman van der Hans wrote: > > > Glenn Steen wrote: > On 13/02/06, Philipp Snizek wrote: > > > c) use a transparent smtpd service > > > > Any modern firewall can do port forwarding with only "filtering", that > is _no "stateful inspection" or suchlike intervention_. > When we introduced Postfix&MailScanner as our "frontend MTA", that was > mainly to get out of the bugginess and instability of the infamous > SMTP proxy of the firewall we used at the time... (Yours wouldn't > happen to be ... red?:-):-) We haven't looked back since. We get > better protection and more control... And (due to both the public > firewall and the on-box FW) we are confident there is no possibility > of ... "traffic leakage". > I suppose what I'm advocating is some variant of c). > > > > You *shouldn't* have to use any form of smtpd on the firewall. Check the > firewall mailing lists; a firewall is a firewall is a firewall, not a > server. It shouldn't be running any services. It should simply forward > traffic transparently to your MS gateway. > > I have had a ton of problems with some boxes (I'm almost sure they were, in > fact, red) wanting to proxy the mail. They either keep it to themselves and > not tell anybody, crash and take the e-mails with them, prevent me from > using RBL's at the MTA level (all e-mail appears to come from the box), > process e-mail from shotgun spammers (something I deal with using > greet_pause), prevent people from using SMTP AUTH properly, ... the list > goes on. > > In fact, I remember a *bank* whose fancy schmancy (and red, now that you > mention it) box broke once... The "red box guy" they had wasn't available, > so they called me to see if there was something I could do. I enabled the > second interface on the server, installed a custom firewall script + dhcp + > dns (forward and reverse) + transparent squid + squidclamav, and within the > hour everybody was back to normal... except for the fact that network > throughput was somehow faster, we had full logging of everything we wanted > to know about the network and how it was being used, etc. - you guys *know* > what I'm talking about here. > > Unfortunately, the "red box guy" came about 4 hours later and restored > insanity to the place; people still talk about those glorious 3 hours where > "the network was fast, e-mail came through instantaneously, and people loved > one another". The second interface on the server sits waiting for the day > where the sysadmin will finally be able to work up the guts to sell the > shiny red box on eBay (for at least the "books" value, so he can justify it) > and finally have complete control of his network. > > > -- > > Alex Neuman van der Hans > N&K Technology Consultants > Tel. +507 214-9002 - http://nkpanama.com/ > Quite true Alex, forgive me for the sloppy last sentence. Actually, you can set up a "red box" like an ordinary (meaning *normal*) firewall too... Really no need to use 'em like anything else. Or you can slip them into the closest harbor (really not useable as an anchor... to little weight... but I'd image they make an entertaining sound "going under":-). Oh well. All I'm saying is, that in situations where your PHB is loath to switch to another brand, one _can_ make sane use of them. Cheers, -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From alex at nkpanama.com Mon Feb 13 13:34:31 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Mon Feb 13 13:34:40 2006 Subject: mailscanner behind a smtpd frontend In-Reply-To: <223f97700602130515n5be4cf9by@mail.gmail.com> References: <1139820771.6757.19.camel@philipp.terreactive.ch> <223f97700602130145qcd13bedx@mail.gmail.com> <43F081B4.2000601@nkpanama.com> <223f97700602130515n5be4cf9by@mail.gmail.com> Message-ID: <43F08AE7.9080105@nkpanama.com> Glenn Steen wrote: > Quite true Alex, forgive me for the sloppy last sentence. > > Actually, you can set up a "red box" like an ordinary (meaning > *normal*) firewall too... Really no need to use 'em like anything > else. > True... More and more I find such dumbed down red boxes, doing for $10k what can be done for a couple of dozen dollars of commodity (or even used) hardware. Even so, the red boxes will occasionally hiccup - or completely die on you, requiring tedious reloading of software and rules. The sysadmins can't work up the nerve to come up to the PHB and tell him that red box his golf buddies told him about is just an overpriced and overmarketed piece of ... equipment that provides a function that could have been demonstrably better performed at a lower cost. That's one of my pet peeves. The other one that comes up a lot is the fact that most of those same sysadmins will buy these "transparent proxy" boxes that come with one or more forms of "antivirus", for e-mail/web/etc. - instead of a properly configured box with MailScanner + squid + clamav + squidclamav + etc.. These are the same sysadmins that call you for help 6 months later when their entire network became a botnet after becoming infected with spyware (AV vendor says "it's not a virus, so why do I care"), or when they find they can't send email out because they've wound up on an RBL because their network is an unwitting spam source, or to find where and how the keylogger got installed on the PHB's machine, or to see if there's anything we can do to get his ebay/bank/email password back after someone stole it because they trusted an overpriced "commercial" offering they'd heard of instead of a system of tools that are known to work better, faster and more efficiently. I think I'd better go back to work; I haven't even had my first cup of coffee and I'm already ranting... can't imagine what I'll be like around noon after my 4th... ;) -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ From glenn.steen at gmail.com Mon Feb 13 14:41:39 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Feb 13 14:41:42 2006 Subject: mailscanner behind a smtpd frontend In-Reply-To: <43F08AE7.9080105@nkpanama.com> References: <1139820771.6757.19.camel@philipp.terreactive.ch> <223f97700602130145qcd13bedx@mail.gmail.com> <43F081B4.2000601@nkpanama.com> <223f97700602130515n5be4cf9by@mail.gmail.com> <43F08AE7.9080105@nkpanama.com> Message-ID: <223f97700602130641r332a009k@mail.gmail.com> On 13/02/06, Alex Neuman van der Hans wrote: > > > Glenn Steen wrote: > > Quite true Alex, forgive me for the sloppy last sentence. > > > > Actually, you can set up a "red box" like an ordinary (meaning > > *normal*) firewall too... Really no need to use 'em like anything > > else. > > > True... More and more I find such dumbed down red boxes, doing for $10k > what can be done for a couple of dozen dollars of commodity (or even > used) hardware. Even so, the red boxes will occasionally hiccup - or > completely die on you, requiring tedious reloading of software and > rules. The sysadmins can't work up the nerve to come up to the PHB and > tell him that red box his golf buddies told him about is just an > overpriced and overmarketed piece of ... equipment that provides a > function that could have been demonstrably better performed at a lower cost. No argument from me! > That's one of my pet peeves. The other one that comes up a lot is the > fact that most of those same sysadmins will buy these "transparent > proxy" boxes that come with one or more forms of "antivirus", for > e-mail/web/etc. - instead of a properly configured box with MailScanner > + squid + clamav + squidclamav + etc.. These are the same sysadmins that > call you for help 6 months later when their entire network became a > botnet after becoming infected with spyware (AV vendor says "it's not a > virus, so why do I care"), or when they find they can't send email out > because they've wound up on an RBL because their network is an unwitting > spam source, or to find where and how the keylogger got installed on the > PHB's machine, or to see if there's anything we can do to get his > ebay/bank/email password back after someone stole it because they > trusted an overpriced "commercial" offering they'd heard of instead of a > system of tools that are known to work better, faster and more efficiently. Just for the record.... You are now officially preaching to the choir. An entertaining rant nonetheless. > I think I'd better go back to work; I haven't even had my first cup of > coffee and I'm already ranting... can't imagine what I'll be like around > noon after my 4th... ;) Oh, I imagine you'll be fine Alex. Take a bear over lunch, have a nice siesta... :-):-) (I'm into my 6-7 (lost count)... And nearing the end of the day here... Not exactly feeli9ng my best either:) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Mon Feb 13 14:44:57 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Feb 13 14:45:01 2006 Subject: mailscanner behind a smtpd frontend In-Reply-To: <223f97700602130641r332a009k@mail.gmail.com> References: <1139820771.6757.19.camel@philipp.terreactive.ch> <223f97700602130145qcd13bedx@mail.gmail.com> <43F081B4.2000601@nkpanama.com> <223f97700602130515n5be4cf9by@mail.gmail.com> <43F08AE7.9080105@nkpanama.com> <223f97700602130641r332a009k@mail.gmail.com> Message-ID: <223f97700602130644p2d9e371fi@mail.gmail.com> On 13/02/06, Glenn Steen wrote: > (I'm into my 6-7 (lost count)... And nearing the end of the day > here... Not exactly feeli9ng my best either:) Cups of coffee, not beers (note to self.... "bear" is something you do, or an animal... Not something you drink ...). Point needs to be made after my posts on friday to this list and others:-) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From listacct at tulsaconnect.com Mon Feb 13 14:45:47 2006 From: listacct at tulsaconnect.com (TCIS List Acct) Date: Mon Feb 13 14:45:50 2006 Subject: More 4.50.15 woes on FreeBSD - Update In-Reply-To: References: Message-ID: <43F09B9B.6030203@tulsaconnect.com> Koopmann, Jan-Peter wrote: > Oh we all agree that something in the code triggers this. But the code > itself clearly works since other people do not have these problems (me > included). It must be something box specific. If you install perl > modules by hand on FreeBSD you might have conflicts of port based perl > modules and the ones you installed from CPAN. Again, this happens across 4 different boxes, so it isn't "box" specific. I've tried installing the Perl modules both ways -- from BSDPAN and from the ./install.sh distro. > I again strongly recommend that you use ports only on FreeBSD. The ports > are proberly tested and contain many sometimes important patches. Try > the current mailscanner port on a clean box or wait a few more days > until 4.50 is commited to the ports tree. If you do this, you will not > need install.sh which is not particularly FreeBSD aware. I did install from ports (Perl, exim, etc), with the exception of MS itself which is not patched specifically for FreeBSD that I know of. Perhaps the load on my boxes is greater than others, and this problem only shows up under heavy load? -- ----------------------------------------- Mike Bacher / listacct@tulsaconnect.com TCIS - TulsaConnect Internet Services http://www.tulsaconnect.com ----------------------------------------- From zichovsky at trul.cz Mon Feb 13 14:48:35 2006 From: zichovsky at trul.cz (Pavel Zichovsky) Date: Mon Feb 13 14:48:52 2006 Subject: Deep troubles with DB_File module Message-ID: <001201c630ac$94370620$1601a8c0@NBZICHOVSKY2> Hi there! I have tried to install new SA from CLAMAV-SA pacakage on mailscanner.info But I have got to problem with module DB_File, which results in completeley unresponsive system (only hard reset works), First during install I noticed this error on build and install of DB_File: ---------------------------------------------------- Attempting to build and install DB_File-1.810 Unpacking perl-tar/DB_File-1.810.tar.gz Do not worry too much about errors from the next command. It is quite likely that some of the Perl modules are already installed on your system. The important ones are Mail-ClamAV and Mail-SpamAssassin. Parsing config.in... Looks Good. Checking if your kit is complete... Looks good Writing Makefile for DB_File cp DB_File.pm blib/lib/DB_File.pm AutoSplitting blib/lib/DB_File.pm (blib/lib/auto/DB_File) gcc -c -I/usr/local/BerkeleyDB/include -fno-strict-aliasing -I/usr/local/include -O2 -march=i386 -mcpu=i686 -DVERSION=\"1.810\" -DXS_VERSION=\"1.810 \" -fPIC -I/usr/lib/perl5/5.6.1/i386-linux/CORE -D_NOT_CORE -DmDB_Prefix_t=size_t -DmDB_Hash_t=u_int32_t version.c version.c:30:16: db.h: is not file or directory make: *** [version.o] Error 1 ---------------------------------------------------- But script continued so I did not worry as it said above Finaly when script started building SA package, there were these warnings: ---------------------------------------------------- *************************************************************************** NOTE: the optional DB_File module is installed, but is not an up-to-date version. Used to store data on-disk, for the Bayes-style logic and auto-whitelist. *Much* more efficient than the other standard Perl database packages. Strongly recommended. *************************************************************************** optional module out of date: DB_File optional module missing: Razor2 optional module missing: Net::Ident optional module missing: IO::Socket::INET6 optional module missing: IO::Socket::SSL optional module out of date: Getopt::Long warning: some functionality may not be available, please read the above report before continuing! ---------------------------------------------------- But when it started testing, something went terribly wrong: ---------------------------------------------------- PERL_DL_NONLAZY=1 /usr/bin/perl -Iblib/arch -Iblib/lib -I/usr/lib/perl5/5.6.1/i386-linux -I/usr/lib/perl5/5.6.1 -e 'use Test::Harness qw(&runtests $verbose); $verbose=0; runtests @ARGV;' t/*.t t/basic_lint................[25595] warn: Use of uninitialized value in numeric ge (>=) at /usr/lib/perl5/5.6.1/i386-linux/DB_File.pm line 271. [25595] warn: Use of uninitialized value in numeric gt (>) at /usr/lib/perl5/5.6.1/i386-linux/DB_File.pm line 275. [25595] warn: Deep recursion on subroutine "DB_File::AUTOLOAD" at /usr/lib/perl5/5.6.1/i386-linux/DB_File.pm line 234. Not found: anything = t/basic_lint................FAILED test 1 Failed 1/1 tests, 0.00% okay t/bayesdbm_flock............skipped all skipped: no reason given t/bayesdbm..................skipped all skipped: no reason given t/bayessdbm_seen_delete.....ok t/bayessdbm.................ok t/bayessql..................skipped all skipped: no reason given t/blacklist_autolearn.......[25648] warn: Use of uninitialized value in numeric ge (>=) at /usr/lib/perl5/5.6.1/i386-linux/DB_File.pm line 271. [25648] warn: Use of uninitialized value in numeric gt (>) at /usr/lib/perl5/5.6.1/i386-linux/DB_File.pm line 275. [25648] warn: Deep recursion on subroutine "DB_File::AUTOLOAD" at /usr/lib/perl5/5.6.1/i386-linux/DB_File.pm line 234. Not found: blacklisted = USER_IN_BLACKLIST t/blacklist_autolearn.......FAILED tests 1-2 Failed 2/3 tests, 33.33% okay t/body_mod..................Use of uninitialized value in numeric ge (>=) at /usr/lib/perl5/5.6.1/i386-linux/DB_File.pm line 271. Use of uninitialized value in numeric gt (>) at /usr/lib/perl5/5.6.1/i386-linux/DB_File.pm line 275. Deep recursion on subroutine "DB_File::AUTOLOAD" at /usr/lib/perl5/5.6.1/i386-linux/DB_File.pm line 234. t/body_mod..................dubious Test returned status 0 (wstat 15, 0xf) DIED. FAILED tests 1-3 Failed 3/3 tests, 0.00% okay t/cidrs.....................ok t/config_errs...............skipped all skipped: no reason given t/db_awl_path...............FAILED test 3 Failed 1/4 tests, 75.00% okay t/db_based_whitelist_ips....[25753] warn: Use of uninitialized value in numeric ge (>=) at /usr/lib/perl5/5.6.1/i386-linux/DB_File.pm line 271. [25753] warn: Use of uninitialized value in numeric gt (>) at /usr/lib/perl5/5.6.1/i386-linux/DB_File.pm line 275. [25753] warn: Deep recursion on subroutine "DB_File::AUTOLOAD" at /usr/lib/perl5/5.6.1/i386-linux/DB_File.pm line 234. t/db_based_whitelist_ips....NOK 1[25757] warn: Use of uninitialized value in numeric ge (>=) at /usr/lib/perl5/5.6.1/i386-linux/DB_File.pm line 271. [25757] warn: Use of uninitialized value in numeric gt (>) at /usr/lib/perl5/5.6.1/i386-linux/DB_File.pm line 275. [25757] warn: Deep recursion on subroutine "DB_File::AUTOLOAD" at /usr/lib/perl5/5.6.1/i386-linux/DB_File.pm line 234. t/db_based_whitelist_ips....NOK 2[25761] warn: Use of uninitialized value in numeric ge (>=) at /usr/lib/perl5/5.6.1/i386-linux/DB_File.pm line 271. [25761] warn: Use of uninitialized value in numeric gt (>) at /usr/lib/perl5/5.6.1/i386-linux/DB_File.pm line 275. [25761] warn: Deep recursion on subroutine "DB_File::AUTOLOAD" at /usr/lib/perl5/5.6.1/i386-linux/DB_File.pm line 234. t/db_based_whitelist_ips....NOK 3[25793] warn: Use of uninitialized value in numeric ge (>=) at /usr/lib/perl5/5.6.1/i386-linux/DB_File.pm line 271. [25793] warn: Use of uninitialized value in numeric gt (>) at /usr/lib/perl5/5.6.1/i386-linux/DB_File.pm line 275. [25793] warn: Deep recursion on subroutine "DB_File::AUTOLOAD" at /usr/lib/perl5/5.6.1/i386-linux/DB_File.pm line 234. ---------------------------------------------------- At this line server go stuck and stopped responding completely, all services (e.g. samba or httpd) were "dead". After few minutes waiting for reecovery, I did hard reset, and server is now wotking OK. But I am afraid that when I'll install again, it will got stuck as now. Is there any way of correctly install working DB_File? Unfortunately I am not Perl or Linux "guru" so I am asking here to avoid worse errors. Thanks in advance With regards Pavel Zichovsky (zichovsky@trul) From philipp.snizek at terreactive.ch Mon Feb 13 14:54:53 2006 From: philipp.snizek at terreactive.ch (Philipp Snizek) Date: Mon Feb 13 14:55:00 2006 Subject: mailscanner behind a smtpd frontend In-Reply-To: <43F08AE7.9080105@nkpanama.com> References: <1139820771.6757.19.camel@philipp.terreactive.ch> <223f97700602130145qcd13bedx@mail.gmail.com> <43F081B4.2000601@nkpanama.com> <223f97700602130515n5be4cf9by@mail.gmail.com> <43F08AE7.9080105@nkpanama.com> Message-ID: <1139842494.6757.41.camel@philipp.terreactive.ch> > > > True... More and more I find such dumbed down red boxes, doing for $10k > what can be done for a couple of dozen dollars of commodity (or even > used) hardware. Even so, the red boxes will occasionally hiccup - or > completely die on you, requiring tedious reloading of software and > rules. The sysadmins can't work up the nerve to come up to the PHB and > tell him that red box his golf buddies told him about is just an > overpriced and overmarketed piece of ... equipment that provides a > function that could have been demonstrably better performed at a lower cost. > > That's one of my pet peeves. The other one that comes up a lot is the > fact that most of those same sysadmins will buy these "transparent > proxy" boxes that come with one or more forms of "antivirus", for > e-mail/web/etc. - instead of a properly configured box with MailScanner > + squid + clamav + squidclamav + etc.. These are the same sysadmins that > call you for help 6 months later when their entire network became a > botnet after becoming infected with spyware (AV vendor says "it's not a > virus, so why do I care"), or when they find they can't send email out > because they've wound up on an RBL because their network is an unwitting > spam source, or to find where and how the keylogger got installed on the > PHB's machine, or to see if there's anything we can do to get his > ebay/bank/email password back after someone stole it because they > trusted an overpriced "commercial" offering they'd heard of instead of a > system of tools that are known to work better, faster and more efficiently. > > I think I'd better go back to work; I haven't even had my first cup of > coffee and I'm already ranting... can't imagine what I'll be like around > noon after my 4th... ;) I of course agree with both of you. A firewall is a firewall .... a.s.o. => no services on it. But thats not the question. The question is that I have got an smtpd before a smtpd+sa+ms+av. Of course the smtpd is protected by a transparent L3/4 paketfilter. Generally, I can't break this setup. Still I'm looking for a solution whether mails a) could be sent transparently through the smtpd to the antispam gw (transparently = leaves no trace in the email's header), b) SA can be told that it should ignore the smtpd's received:from header, c) MailScanner can cut the particular received:from header before mails get injected into SA or d) ...your idea... Many people use a smtp proxy to protect their SA box. I want to make sure that the SA box doesn't learn that the smtp proxy sometimes sends crap. That's why the received:from header must be ignored, cut, whatever. Thanks so far for your answers Philipp From shuttlebox at gmail.com Mon Feb 13 15:05:01 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Mon Feb 13 15:05:04 2006 Subject: Deep troubles with DB_File module In-Reply-To: <001201c630ac$94370620$1601a8c0@NBZICHOVSKY2> References: <001201c630ac$94370620$1601a8c0@NBZICHOVSKY2> Message-ID: <625385e30602130705mf07db43y6f96c7869848f792@mail.gmail.com> On 2/13/06, Pavel Zichovsky wrote: > > Is there any way of correctly install working DB_File? Unfortunately I am > not Perl or Linux "guru" so I am asking here to avoid > worse errors. > What Linux do you use? Can you find packages for DB_File and/or SA? Otherwise you can try to use CPAN instead. # perl -e shell -MCPAN > install DB_File -- /peter -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060213/60475af9/attachment.html From rcooper at dwford.com Mon Feb 13 15:34:04 2006 From: rcooper at dwford.com (Rick Cooper) Date: Mon Feb 13 15:34:15 2006 Subject: Deep troubles with DB_File module In-Reply-To: <001201c630ac$94370620$1601a8c0@NBZICHOVSKY2> Message-ID: > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Pavel > Zichovsky > Sent: Monday, February 13, 2006 9:49 AM > To: mailscanner@lists.mailscanner.info > Subject: Deep troubles with DB_File module > > > Hi there! > > I have tried to install new SA from CLAMAV-SA pacakage on mailscanner.info > [...] > gcc -c -I/usr/local/BerkeleyDB/include -fno-strict-aliasing > -I/usr/local/include -O2 -march=i386 -mcpu=i686 -DVERSION=\"1.810\" > -DXS_VERSION=\"1.810 \" -fPIC > -I/usr/lib/perl5/5.6.1/i386-linux/CORE -D_NOT_CORE -DmDB_Prefix_t=size_t > -DmDB_Hash_t=u_int32_t version.c > version.c:30:16: db.h: is not file or directory <-- ROOT ERROR IS HERE > make: *** [version.o] Error 1 [...] Where is your db.h file located? I ask this because the DB_File config.in file, IIRC, defaults to /usr/local/BerkeleyDB/include and /usr/local/BerkeleyDB/lib. This is not appropriate for many installations and you may have to install that package manually by editing the config.in to point to the correct place. For instance, in my case I have to point to /usr/local/BerkeleyDB.4.3/include and /usr/local/BerkeleyDB.4.3/lib because I have several versions and even when I modify the DBNAME = line in config.in the damn test programs find the .h file of one version and the libdb*.a of another. You may simply have to uncommnet one of the /usr/include or /usr/local/include and lib entries. If cpan -i DB_File also fails try: cpan cpan> look DB_File which will drop you into a shell in the correct build directory. then edit the config.in so the paths (at the top) match the location of your db.h and libdb*.a files. then save and run perl Makefile.PL if no errors then make && make test && make install (which says run make and if no errors then run make test, if no error make install) Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Jan-Peter.Koopmann at seceidos.de Mon Feb 13 15:47:57 2006 From: Jan-Peter.Koopmann at seceidos.de (Koopmann, Jan-Peter) Date: Mon Feb 13 15:48:08 2006 Subject: More 4.50.15 woes on FreeBSD - Update Message-ID: On Monday, February 13, 2006 3:46 PM TCIS List Acct wrote: > Again, this happens across 4 different boxes, so it isn't "box" > specific. I've tried installing the Perl modules both ways -- from > BSDPAN and from the ./install.sh distro. Ok, make it "installation specific" then, since there are far more than 4 FreeBSD boxes up and running without problems. > I did install from ports (Perl, exim, etc), with the exception of MS > itself which is not patched specifically for FreeBSD that I know of. Some things are patched but nothing overly important. You installed perl from ports but did you also install the perl modules via ports? I would suggest using the p5- ports only. > Perhaps the load on my boxes is greater than others, and this problem > only shows up under heavy load? Maybe but I doubt it. Regards, JP From harryh at cet.com Mon Feb 13 16:30:11 2006 From: harryh at cet.com (Harry Hanson) Date: Mon Feb 13 16:31:19 2006 Subject: mailscanner log level In-Reply-To: <43EFDFD3.10908@blacknight.ie> Message-ID: <007301c630ba$c2c09890$6400a8c0@EDH> A good place to start, certainly... and of course the first thing I checked. Which cfg setting controls that? The upgrade required using a new .conf file, and I edited (or so I thought) all applicable settings, but something is just not the same. The only place I can see where log settings are changed is this section: (new MailScanner.conf, missing the batch entries) # # Logging # ------- # Syslog Facility = mail Log Speed = yes Log Spam = yes Log Non Spam = no Log Permitted Filenames = no Log Permitted Filetypes = no Log Silent Viruses = yes Log Dangerous HTML Tags = yes (previous MailScanner.conf, which shows the batch entries) # # Logging # ------- # Syslog Facility = mail Log Speed = yes Log Spam = yes Log Non Spam = no Log Permitted Filenames = no Log Permitted Filetypes = no Thanks -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Michele Neylon:: Blacknight.ie Sent: Sunday, February 12, 2006 5:25 PM To: MailScanner discussion Subject: Re: mailscanner log level Harry Hanson wrote: > > How can I correct this? > It sounds like you changed something in your config, possibly overwriting MailScanner.conf with the new one I'd check the log settings in that to start with -- Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! --- [This E-mail scanned for viruses] From listacct at tulsaconnect.com Mon Feb 13 16:36:59 2006 From: listacct at tulsaconnect.com (TCIS List Acct) Date: Mon Feb 13 16:38:58 2006 Subject: More 4.50.15 woes on FreeBSD - Update In-Reply-To: References: Message-ID: <43F0B5AB.4000208@tulsaconnect.com> Koopmann, Jan-Peter wrote: > Some things are patched but nothing overly important. You installed perl > from ports but did you also install the perl modules via ports? I would > suggest using the p5- ports only. I installed the perl modules via the ./install.sh script. I'll uninstall them and install from ports today. > Maybe but I doubt it. Each box does about 150,000 - 200,000 messages a day (actual count of messages passed to MailScanner, does not count those rejected at the exim level). -- ----------------------------------------- Mike Bacher / listacct@tulsaconnect.com TCIS - TulsaConnect Internet Services http://www.tulsaconnect.com ----------------------------------------- From jeff at dynamictelecard.com Mon Feb 13 17:16:42 2006 From: jeff at dynamictelecard.com (Jeff Davis) Date: Mon Feb 13 17:17:02 2006 Subject: MailScanner and Razor2 plugin Message-ID: <43F0BEFA.5090400@dynamictelecard.com> The install instructions for the Razor Agent says to run razor-admin -register under /home/user/.razor and as that user. Should I do this as the postfix user or as root, and what directory should I be in? Thanks, -Jeff From listacct at tulsaconnect.com Mon Feb 13 17:54:11 2006 From: listacct at tulsaconnect.com (TCIS List Acct) Date: Mon Feb 13 17:56:11 2006 Subject: More 4.50.15 woes on FreeBSD - Update In-Reply-To: References: Message-ID: <43F0C7C3.3050901@tulsaconnect.com> Koopmann, Jan-Peter wrote: > Ok, make it "installation specific" then, since there are far more than > 4 FreeBSD boxes up and running without problems. > FWIW, I just upgraded to 4.48.4-2 and am not seeing the issue. I'll try 4.49.7-1 next (as it appears to be where the "speedup code" was first implemented). -- ----------------------------------------- Mike Bacher / listacct@tulsaconnect.com TCIS - TulsaConnect Internet Services http://www.tulsaconnect.com ----------------------------------------- From mkettler at evi-inc.com Mon Feb 13 18:22:41 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Mon Feb 13 18:23:01 2006 Subject: MailScanner and Razor2 plugin In-Reply-To: <43F0BEFA.5090400@dynamictelecard.com> References: <43F0BEFA.5090400@dynamictelecard.com> Message-ID: <43F0CE71.4050504@evi-inc.com> Jeff Davis wrote: > The install instructions for the Razor Agent says to run > razor-admin -register under /home/user/.razor and as that user. > > Should I do this as the postfix user or > as root, and what directory should I be in? It really does not matter what user you use as far as MailScanner goes. Mailscanner only calls SA to scan mail, which only checks against razor. You don't need to be registered to check mail against razor. You only need to be registered in order to report messages to razor. So if you intend to use razor-report or spamassassin -r on message files, be sure you run the registration as whatever user you intend to submit reports as. From DCurtis at sbschools.net Mon Feb 13 18:31:22 2006 From: DCurtis at sbschools.net (David Curtis) Date: Mon Feb 13 18:31:42 2006 Subject: spamassassinprefsfile Message-ID: I have started to notice every time I start MailScanner I get this error in the log file: Feb 13 12:20:40 sbschools MailScanner[11352]: Unrecognised keyword "spamassassinprefsfile" at line 1404 Feb 13 12:20:40 sbschools MailScanner[11352]: Aborting due to syntax errors in /etc/MailScanner/MailScanner.conf I have changed the config file to point right to the spamassassin prefs file (/etc/MailScanner/spam.assassin.prefs.conf) and I still get this error. Any advice would be great. Thanks. ______________________________________________________________ ______________________________________________________________ This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060213/af761439/attachment.html From shuttlebox at gmail.com Mon Feb 13 18:32:40 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Mon Feb 13 18:32:43 2006 Subject: mailscanner log level In-Reply-To: <007301c630ba$c2c09890$6400a8c0@EDH> References: <43EFDFD3.10908@blacknight.ie> <007301c630ba$c2c09890$6400a8c0@EDH> Message-ID: <625385e30602131032h7c007317kfba9f26709c1614b@mail.gmail.com> On 2/13/06, Harry Hanson wrote: > > The upgrade required using a new .conf file, and I edited (or so I > thought) > all applicable settings, but something is just not the same. The only > place > I can see where log settings are changed is this section: > You should not edit by hand, too easy to make mistakes. There's a script called upgrade_MailScanner_conf that takes care of this. Run it with no parameters and it will explain how to use it. -- /peter -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060213/db6d9c9a/attachment.html From shuttlebox at gmail.com Mon Feb 13 18:36:57 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Mon Feb 13 18:37:00 2006 Subject: spamassassinprefsfile In-Reply-To: References: Message-ID: <625385e30602131036y2cc9c2aaxfcfd3cb3e3c14069@mail.gmail.com> On 2/13/06, David Curtis wrote: > > I have started to notice every time I start MailScanner I get this error > in the log file: Feb 13 12:20:40 sbschools MailScanner[11352]: > Unrecognised keyword "spamassassinprefsfile" at line 1404 > Feb 13 12:20:40 sbschools MailScanner[11352]: Aborting due to syntax > errors in /etc/MailScanner/MailScanner.conf > Run upgrade_MailScanner_conf. -- /peter -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060213/f580244b/attachment.html From realmcking at gmail.com Mon Feb 13 18:49:31 2006 From: realmcking at gmail.com (Mark McCoy) Date: Mon Feb 13 18:49:35 2006 Subject: need advice on MTA and MDA In-Reply-To: <39e688060602121343m13e51872xe3662112af3d1cc@mail.gmail.com> References: <43EE8DF0.8080505@fractalweb.com> <39e688060602111747k2a3334e1v343a3319c2978c2b@mail.gmail.com> <43EF818C.4040601@rogers.com> <39e688060602121343m13e51872xe3662112af3d1cc@mail.gmail.com> Message-ID: On 2/12/06, Matt Standish wrote: > > > > > > > > > > > > > How about the Horde project? http://www.horde.org/ > > > > > > It is a royal pain to setup but worth it once you get it running. > > > > > > > Horde/Imp is a horrible bloat of code. I would recommend you use > > squirrelmail instead. > > > > > > > > > Horrible bloat maybe, but what does the user care about bloated code? To > the user Horde is much better than SquirrelMail and it is the customer that > pays the bills :) > The question is, does the OP need just webmail (squirrelmail), or webmail + portal + calendar + kitchensink + uglyUI + horribleOutOfDateTablesAndFrames + slowYourServerToACrawl (horde)? -- Mark McCoy -- Professional Unix geek "On two occasions I have been asked, 'Pray, Mr. Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question. " -- Charles Babbage From alex at nkpanama.com Mon Feb 13 18:56:59 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Mon Feb 13 18:57:05 2006 Subject: mailscanner behind a smtpd frontend In-Reply-To: <1139842494.6757.41.camel@philipp.terreactive.ch> References: <1139820771.6757.19.camel@philipp.terreactive.ch> <223f97700602130145qcd13bedx@mail.gmail.com> <43F081B4.2000601@nkpanama.com> <223f97700602130515n5be4cf9by@mail.gmail.com> <43F08AE7.9080105@nkpanama.com> <1139842494.6757.41.camel@philipp.terreactive.ch> Message-ID: <43F0D67B.9050506@nkpanama.com> In any case you can check: bayes_ignore_header X-YOURDOMAIN-COM-MailScanner bayes_ignore_header X-YOURDOMAIN-COM-MailScanner-SpamCheck bayes_ignore_header X-YOURDOMAIN-COM-MailScanner-SpamScore bayes_ignore_header X-YOURDOMAIN-COM-MailScanner-Information ... from /etc/mail/spamassassin/mailscanner.cf for a clue. You could write a few lines that include your particular headers and have SA ignore them. I don't know if bayes_ignore_header takes regexps, but you could look at the docs for SA and see for yourself. Philipp Snizek wrote: >>> >>> >> True... More and more I find such dumbed down red boxes, doing for $10k >> what can be done for a couple of dozen dollars of commodity (or even >> used) hardware. Even so, the red boxes will occasionally hiccup - or >> completely die on you, requiring tedious reloading of software and >> rules. The sysadmins can't work up the nerve to come up to the PHB and >> tell him that red box his golf buddies told him about is just an >> overpriced and overmarketed piece of ... equipment that provides a >> function that could have been demonstrably better performed at a lower cost. >> >> That's one of my pet peeves. The other one that comes up a lot is the >> fact that most of those same sysadmins will buy these "transparent >> proxy" boxes that come with one or more forms of "antivirus", for >> e-mail/web/etc. - instead of a properly configured box with MailScanner >> + squid + clamav + squidclamav + etc.. These are the same sysadmins that >> call you for help 6 months later when their entire network became a >> botnet after becoming infected with spyware (AV vendor says "it's not a >> virus, so why do I care"), or when they find they can't send email out >> because they've wound up on an RBL because their network is an unwitting >> spam source, or to find where and how the keylogger got installed on the >> PHB's machine, or to see if there's anything we can do to get his >> ebay/bank/email password back after someone stole it because they >> trusted an overpriced "commercial" offering they'd heard of instead of a >> system of tools that are known to work better, faster and more efficiently. >> >> I think I'd better go back to work; I haven't even had my first cup of >> coffee and I'm already ranting... can't imagine what I'll be like around >> noon after my 4th... ;) >> > > I of course agree with both of you. A firewall is a firewall .... a.s.o. > => no services on it. > But thats not the question. > The question is that I have got an smtpd before a smtpd+sa+ms+av. Of > course the smtpd is protected by a transparent L3/4 paketfilter. > Generally, I can't break this setup. Still I'm looking for a solution > whether mails a) could be sent transparently through the smtpd to the > antispam gw (transparently = leaves no trace in the email's header), b) > SA can be told that it should ignore the smtpd's received:from header, > c) MailScanner can cut the particular received:from header before mails > get injected into SA or d) ...your idea... > > Many people use a smtp proxy to protect their SA box. I want to make > sure that the SA box doesn't learn that the smtp proxy sometimes sends > crap. That's why the received:from header must be ignored, cut, > whatever. > > Thanks so far for your answers > > > Philipp > > > > > > -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060213/9a726022/attachment-0001.html From DCurtis at sbschools.net Mon Feb 13 19:48:06 2006 From: DCurtis at sbschools.net (David Curtis) Date: Mon Feb 13 19:48:35 2006 Subject: spamassassinprefsfile Message-ID: I did that and have been doing that every upgrade and I am still getting the error. Any other advice? Thanks. >>> shuttlebox@gmail.com 2/13/2006 1:36:57 PM >>> On 2/13/06, David Curtis wrote:I have started to notice every time I start MailScanner I get this error in the log file:Feb 13 12:20:40 sbschools MailScanner[11352]: Unrecognised keyword "spamassassinprefsfile" at line 1404 Feb 13 12:20:40 sbschools MailScanner[11352]: Aborting due to syntax errors in /etc/MailScanner/MailScanner.conf Run upgrade_MailScanner_conf. -- /peter ______________________________________________________________ ______________________________________________________________ This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060213/744d6dac/attachment.html From ssilva at sgvwater.com Tue Feb 14 00:22:57 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Feb 14 00:23:20 2006 Subject: spamassassinprefsfile In-Reply-To: References: Message-ID: David Curtis spake the following on 2/13/2006 10:31 AM: > > > I have started to notice every time I start MailScanner I get this error > in the log file: > Feb 13 12:20:40 sbschools MailScanner[11352]: Unrecognised keyword > "spamassassinprefsfile" at line 1404 > Feb 13 12:20:40 sbschools MailScanner[11352]: Aborting due to syntax > errors in /etc/MailScanner/MailScanner.conf > > I have changed the config file to point right to the spamassassin prefs > file (/etc/MailScanner/spam.assassin.prefs.conf) and I still get this error. > Any advice would be great. > Thanks. Which version of MailScanner. If 4.50-15, that option is no longer used. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From dmehler26 at woh.rr.com Tue Feb 14 00:56:47 2006 From: dmehler26 at woh.rr.com (Dave) Date: Tue Feb 14 01:05:45 2006 Subject: spamassassinprefsfile References: Message-ID: <006701c63101$88f406a0$0200a8c0@satellite> Hi, I'm also seeing this error. This is on a FreeBSD6 box running MS 4.49.7 via ports. Thanks. Dave. ----- Original Message ----- From: "Scott Silva" To: Sent: Monday, February 13, 2006 7:22 PM Subject: Re: spamassassinprefsfile > David Curtis spake the following on 2/13/2006 10:31 AM: >> >> >> I have started to notice every time I start MailScanner I get this error >> in the log file: >> Feb 13 12:20:40 sbschools MailScanner[11352]: Unrecognised keyword >> "spamassassinprefsfile" at line 1404 >> Feb 13 12:20:40 sbschools MailScanner[11352]: Aborting due to syntax >> errors in /etc/MailScanner/MailScanner.conf >> >> I have changed the config file to point right to the spamassassin prefs >> file (/etc/MailScanner/spam.assassin.prefs.conf) and I still get this >> error. >> Any advice would be great. >> Thanks. > > Which version of MailScanner. If 4.50-15, that option is no longer used. > -- > > MailScanner is like deodorant... > You hope everybody uses it, and > you notice quickly if they don't!!!! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Tue Feb 14 09:10:33 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Feb 14 09:10:37 2006 Subject: mailscanner behind a smtpd frontend In-Reply-To: <43F0D67B.9050506@nkpanama.com> References: <1139820771.6757.19.camel@philipp.terreactive.ch> <223f97700602130145qcd13bedx@mail.gmail.com> <43F081B4.2000601@nkpanama.com> <223f97700602130515n5be4cf9by@mail.gmail.com> <43F08AE7.9080105@nkpanama.com> <1139842494.6757.41.camel@philipp.terreactive.ch> <43F0D67B.9050506@nkpanama.com> Message-ID: <223f97700602140110m131e7d4cw@mail.gmail.com> On 13/02/06, Alex Neuman van der Hans wrote: > In any case you can check: > bayes_ignore_header X-YOURDOMAIN-COM-MailScanner > bayes_ignore_header X-YOURDOMAIN-COM-MailScanner-SpamCheck > bayes_ignore_header X-YOURDOMAIN-COM-MailScanner-SpamScore > bayes_ignore_header > X-YOURDOMAIN-COM-MailScanner-Information > > ... from /etc/mail/spamassassin/mailscanner.cf for a clue. > You could write a few lines that include your particular headers and have SA > ignore them. I don't know if bayes_ignore_header takes regexps, but you > could look at the docs for SA and see for yourself. > Problem 1 is that you can't really do that for all the Received lines... And the original problem is that adding such a line is an RFC MUST. Sigh. So unless one can do REs on it, you lose. Unfortunately, bayes_ignore_header doesn't seem to accept RE:s (from the man-page)... Perhaps Matt Kettler has a better clue... So either you cannot use bayes (and might have issues beyond this), or you really need convince the owner/PHB to rethink their strategy... As it is, it'll probably hurt your results. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From jonas.lilja at exallon.sigma.se Tue Feb 14 12:09:59 2006 From: jonas.lilja at exallon.sigma.se (Jonas Lilja) Date: Tue Feb 14 12:11:21 2006 Subject: strange blocking Message-ID: <34D06C003AA0EA4D8D9B9443E7BDDD9501CDE5AC@ikaros.exallon.sigma.se> Hi, my problem is that if I have to send an exe-file, I usually (in an earlier version of MailScanner) rename the file to txt and it will pass through the MailScanner filter. But - after the upgrade - if I first compress the exe-file to zip and then rename the zip to txt it will be blocked by MailScanner (I can still rename pure exe-files to txt and send them). I have already comment out "Block executables" in my conf but leaved the default block rule for exe, com and other dangerous attachements. How can I solve this? Thanks /Jonas Lilja, Sweden. PS- I?m running MailScanner 4.50.15.1 on a RedHat ES4. From gmatt at nerc.ac.uk Tue Feb 14 12:11:03 2006 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Tue Feb 14 12:22:25 2006 Subject: errors/warnings reported in message.pm Message-ID: <1139919063.3131.13.camel@lea.nerc-wallingford.ac.uk> Doing some debugging of my system I stumbled upon the following warnings from MailScanner: ..... [24961] dbg: locker: safe_unlock: unlocked /etc/MailScanner/bayes/bayes.mutex [24961] dbg: learn: initializing learner Use of uninitialized value in numeric ne (!=) at /usr/lib/MailScanner/MailScanner/Message.pm line 550. Use of uninitialized value in numeric ne (!=) at /usr/lib/MailScanner/MailScanner/Message.pm line 551. Use of uninitialized value in string ne at /usr/lib/MailScanner/MailScanner/Message.pm line 552. I havent found a searchable archive of MailScanner messages and this does not crop up in the messages I have personally saved. Is this a known problem? is there a cure? this is MailScanner 4.45.4 GREG -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford -- This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. From philipp.snizek at terreactive.ch Tue Feb 14 12:42:31 2006 From: philipp.snizek at terreactive.ch (Philipp Snizek) Date: Tue Feb 14 12:42:37 2006 Subject: mailscanner behind a smtpd frontend In-Reply-To: <223f97700602140110m131e7d4cw@mail.gmail.com> References: <1139820771.6757.19.camel@philipp.terreactive.ch> <223f97700602130145qcd13bedx@mail.gmail.com> <43F081B4.2000601@nkpanama.com> <223f97700602130515n5be4cf9by@mail.gmail.com> <43F08AE7.9080105@nkpanama.com> <1139842494.6757.41.camel@philipp.terreactive.ch> <43F0D67B.9050506@nkpanama.com> <223f97700602140110m131e7d4cw@mail.gmail.com> Message-ID: <1139920951.11334.27.camel@philipp.terreactive.ch> On Tue, 2006-02-14 at 10:10 +0100, Glenn Steen wrote: > On 13/02/06, Alex Neuman van der Hans wrote: > > In any case you can check: > > bayes_ignore_header X-YOURDOMAIN-COM-MailScanner > > bayes_ignore_header X-YOURDOMAIN-COM-MailScanner-SpamCheck > > bayes_ignore_header X-YOURDOMAIN-COM-MailScanner-SpamScore > > bayes_ignore_header > > X-YOURDOMAIN-COM-MailScanner-Information > > > > ... from /etc/mail/spamassassin/mailscanner.cf for a clue. > > You could write a few lines that include your particular headers and have SA > > ignore them. I don't know if bayes_ignore_header takes regexps, but you > > could look at the docs for SA and see for yourself. > > > Problem 1 is that you can't really do that for all the Received > lines... And the original problem is that adding such a line is an RFC > MUST. Sigh. > > So unless one can do REs on it, you lose. Unfortunately, > bayes_ignore_header doesn't seem to accept RE:s (from the man-page)... > Perhaps Matt Kettler has a better clue... > > So either you cannot use bayes (and might have issues beyond this), or > you really need convince the owner/PHB to rethink their strategy... As > it is, it'll probably hurt your results. What about having MailScanner remove the received:from lines before the mail gets injected into SpamAssassin? Is this possible? Philipp From gmatt at nerc.ac.uk Tue Feb 14 12:57:46 2006 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Tue Feb 14 12:57:53 2006 Subject: x86_64 mail servers In-Reply-To: References: Message-ID: <1139921866.3131.15.camel@lea.nerc-wallingford.ac.uk> I've installed on a SMP Opteron box and the only stumbling block is that Sophos AV is 32 bit only so you cant use the Sophos::SAVI libraries to interface to it. Instead, you call sophos directly. G On Wed, 2006-02-08 at 10:29 -0800, Mark Nienberg wrote: > I'm getting ready to migrate a MailScanner server to new hardware. The > new machine has an Opteron chip. Assuming I use a linux distro that > comes in both x86 and x86_64 versions, is there any reason to avoid the > x86_64 version? (I'm not asking about which distro to use!) > > I'm running a similar machine as a file server using x86_64 so I am > somewhat familiar with it, but that machine uses mostly software that > came with the distro and is already compiled. The MailScanner machine > needs more third-party stuff and I wonder about the ability to obtain > and compile all those perl modules and so forth. > > I've seen comments on this list that the x86_64 didn't seem to make much > difference and I admit it is simpler to use the plain x86 version, but > it bothers me a little to intentionally not use the software that is > specifically configured for the chip. > > Thanks for any insights. > > Mark Nienberg > Tipping Mar + associates > Berkeley, CA > -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford -- This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. From Denis.Beauchemin at USherbrooke.ca Tue Feb 14 13:56:33 2006 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Tue Feb 14 13:56:51 2006 Subject: strange blocking In-Reply-To: <34D06C003AA0EA4D8D9B9443E7BDDD9501CDE5AC@ikaros.exallon.sigma.se> References: <34D06C003AA0EA4D8D9B9443E7BDDD9501CDE5AC@ikaros.exallon.sigma.se> Message-ID: <43F1E191.4090306@USherbrooke.ca> Jonas Lilja wrote: >Hi, my problem is that if I have to send an exe-file, I usually (in an earlier version of MailScanner) rename the file to txt and it will pass through the MailScanner filter. But - after the upgrade - if I first compress the exe-file to zip and then rename the zip to txt it will be blocked by MailScanner (I can still rename pure exe-files to txt and send them). I have already comment out "Block executables" in my conf but leaved the default block rule for exe, com and other dangerous attachements. How can I solve this? > >Thanks > >/Jonas Lilja, Sweden. > >PS- I?m running MailScanner 4.50.15.1 on a RedHat ES4. > > Jonas, It is probably caught by filetype.rules.conf that checks the first bytes of each attachment to determine their true nature. Personnally, I turned it off... Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3226 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060214/edc0d1b1/smime.bin From alex at nkpanama.com Tue Feb 14 15:12:20 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Tue Feb 14 15:14:35 2006 Subject: mailscanner behind a smtpd frontend In-Reply-To: <1139920951.11334.27.camel@philipp.terreactive.ch> References: <1139820771.6757.19.camel@philipp.terreactive.ch> <223f97700602130145qcd13bedx@mail.gmail.com> <43F081B4.2000601@nkpanama.com> <223f97700602130515n5be4cf9by@mail.gmail.com> <43F08AE7.9080105@nkpanama.com> <1139842494.6757.41.camel@philipp.terreactive.ch> <43F0D67B.9050506@nkpanama.com> <223f97700602140110m131e7d4cw@mail.gmail.com> <1139920951.11334.27.camel@philipp.terreactive.ch> Message-ID: <43F1F354.6020805@nkpanama.com> If it is, it ain't kosher. Philipp Snizek wrote: > What about having MailScanner remove the received:from lines before the > mail gets injected into SpamAssassin? > Is this possible? > > Philipp > > > > -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ From mkettler at evi-inc.com Tue Feb 14 16:10:24 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Tue Feb 14 16:10:31 2006 Subject: mailscanner behind a smtpd frontend In-Reply-To: <223f97700602140110m131e7d4cw@mail.gmail.com> References: <1139820771.6757.19.camel@philipp.terreactive.ch> <223f97700602130145qcd13bedx@mail.gmail.com> <43F081B4.2000601@nkpanama.com> <223f97700602130515n5be4cf9by@mail.gmail.com> <43F08AE7.9080105@nkpanama.com> <1139842494.6757.41.camel@philipp.terreactive.ch> <43F0D67B.9050506@nkpanama.com> <223f97700602140110m131e7d4cw@mail.gmail.com> Message-ID: <43F200F0.3070900@evi-inc.com> Glenn Steen wrote: > On 13/02/06, Alex Neuman van der Hans wrote: >> In any case you can check: >> bayes_ignore_header X-YOURDOMAIN-COM-MailScanner >> bayes_ignore_header X-YOURDOMAIN-COM-MailScanner-SpamCheck >> bayes_ignore_header X-YOURDOMAIN-COM-MailScanner-SpamScore >> bayes_ignore_header >> X-YOURDOMAIN-COM-MailScanner-Information >> >> ... from /etc/mail/spamassassin/mailscanner.cf for a clue. >> You could write a few lines that include your particular headers and have SA >> ignore them. I don't know if bayes_ignore_header takes regexps, but you >> could look at the docs for SA and see for yourself. >> > Problem 1 is that you can't really do that for all the Received > lines... And the original problem is that adding such a line is an RFC > MUST. Sigh. > > So unless one can do REs on it, you lose. Unfortunately, > bayes_ignore_header doesn't seem to accept RE:s (from the man-page)... > Perhaps Matt Kettler has a better clue... My impression is why bother ignoring the Received: headers? As long as your trusted/internal networks is set correctly bayes should be able to deal with extra Received: headers just fine. From listacct at tulsaconnect.com Tue Feb 14 16:27:38 2006 From: listacct at tulsaconnect.com (TCIS List Acct) Date: Tue Feb 14 16:29:36 2006 Subject: More 4.50.15 woes on FreeBSD - Update In-Reply-To: <43F0C7C3.3050901@tulsaconnect.com> References: <43F0C7C3.3050901@tulsaconnect.com> Message-ID: <43F204FA.5000408@tulsaconnect.com> TCIS List Acct wrote: > FWIW, I just upgraded to 4.48.4-2 and am not seeing the issue. I'll try > 4.49.7-1 next (as it appears to be where the "speedup code" was first > implemented). Ok, I went to 4.49.7 and the problem occurred just like it does in 4.50.15. So, the code that changed between 4.48.4 and 4.49.7 is the code at issue (if that helps narrow it down any). -- ----------------------------------------- Mike Bacher / listacct@tulsaconnect.com TCIS - TulsaConnect Internet Services http://www.tulsaconnect.com ----------------------------------------- From JBrault at scotforge.com Tue Feb 14 16:30:53 2006 From: JBrault at scotforge.com (Jason Brault) Date: Tue Feb 14 16:30:59 2006 Subject: mailscanner-mrtg history Message-ID: Up front...sorry if this has been answered already, or If its so ridiculously obvious that I should know it! I'm using mailscanner-mrtg for the first time, and love it. I'm curious of one thing though, the historical information. From what I've been able to determine, mailscanner-mrtg polls all of the various components of mailscanner (CPU, Network, Virus/Spam counts, etc.) and then stores values in the web directory that are used to make the graphs. If this is the case, are these numbers more or less static so that they'll continue to be used long after my mail logs are rotated? Again, sorry for a simple question, just trying to piece it all together on my limited knowledge =). -Jason --------------- Jason Brault Communications Administrator - Scot Forge Company 8001 Winn Rd., Spring Grove, IL. 60081 Phone: (815) 675-4247 Fax: (815) 675-4129 Email: jbrault@scotforge.com -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060214/22c87c90/attachment.html From mikej at rogers.com Tue Feb 14 16:37:39 2006 From: mikej at rogers.com (Mike Jakubik) Date: Tue Feb 14 16:37:23 2006 Subject: More 4.50.15 woes on FreeBSD - Update In-Reply-To: <43F204FA.5000408@tulsaconnect.com> References: <43F0C7C3.3050901@tulsaconnect.com> <43F204FA.5000408@tulsaconnect.com> Message-ID: <43F20753.8010404@rogers.com> TCIS List Acct wrote: > > > TCIS List Acct wrote: > >> FWIW, I just upgraded to 4.48.4-2 and am not seeing the issue. I'll >> try 4.49.7-1 next (as it appears to be where the "speedup code" was >> first implemented). > > Ok, I went to 4.49.7 and the problem occurred just like it does in > 4.50.15. So, the code that changed between 4.48.4 and 4.49.7 is the > code at issue (if that helps narrow it down any). > It's funny how hundreds or even thousands of people are using the port version, and none of them have this problem. Personally i manage 5 servers that use freebsd and mailscanner, one of them is for an ISP, so the load is quite heavy, and they all work great. From mikej at rogers.com Tue Feb 14 16:39:35 2006 From: mikej at rogers.com (Mike Jakubik) Date: Tue Feb 14 16:39:14 2006 Subject: x86_64 mail servers In-Reply-To: <1139921866.3131.15.camel@lea.nerc-wallingford.ac.uk> References: <1139921866.3131.15.camel@lea.nerc-wallingford.ac.uk> Message-ID: <43F207C7.2070105@rogers.com> Greg Matthews wrote: > I've installed on a SMP Opteron box and the only stumbling block is that > Sophos AV is 32 bit only so you cant use the Sophos::SAVI libraries to > interface to it. Instead, you call sophos directly. > Did you know that you can run 64 bit and 32 bit binaries on an AMD64 cpu? Just enable your OS to do so. From listacct at tulsaconnect.com Tue Feb 14 17:03:14 2006 From: listacct at tulsaconnect.com (TCIS List Acct) Date: Tue Feb 14 17:05:11 2006 Subject: More 4.50.15 woes on FreeBSD - Update In-Reply-To: <43F20753.8010404@rogers.com> References: <43F0C7C3.3050901@tulsaconnect.com> <43F204FA.5000408@tulsaconnect.com> <43F20753.8010404@rogers.com> Message-ID: <43F20D52.2010909@tulsaconnect.com> Mike Jakubik wrote: > It's funny how hundreds or even thousands of people are using the port > version, and none of them have this problem. Personally i manage 5 > servers that use freebsd and mailscanner, one of them is for an ISP, so > the load is quite heavy, and they all work great. Wow, thanks for the insight. I'm perfectly willing to admit that it may be something specific to my installation, however, I've tried every suggestion thus far (including installing from ports) with no success. I'm not a newbie, and have been running MS for many years (likely longer than most), so if you don't have anything constructive to add, please don't waste the bandwidth. -- ----------------------------------------- Mike Bacher / listacct@tulsaconnect.com TCIS - TulsaConnect Internet Services http://www.tulsaconnect.com ----------------------------------------- From listacct at tulsaconnect.com Tue Feb 14 17:13:23 2006 From: listacct at tulsaconnect.com (TCIS List Acct) Date: Tue Feb 14 17:15:20 2006 Subject: More 4.50.15 woes on FreeBSD - Update In-Reply-To: <43F204FA.5000408@tulsaconnect.com> References: <43F0C7C3.3050901@tulsaconnect.com> <43F204FA.5000408@tulsaconnect.com> Message-ID: <43F20FB3.5040400@tulsaconnect.com> TCIS List Acct wrote: > Ok, I went to 4.49.7 and the problem occurred just like it does in > 4.50.15. So, the code that changed between 4.48.4 and 4.49.7 is the > code at issue (if that helps narrow it down any). Here is a ps -aux | grep MailScanner from my latest test: 10:26AM MailScanner: checking with SpamAssassin (perl5.8.7) 10:26AM MailScanner: checking with SpamAssassin (perl5.8.7) 10:26AM MailScanner: checking with SpamAssassin (perl5.8.7) 10:26AM MailScanner: checking with SpamAssassin (perl5.8.7) 10:26AM MailScanner: checking with SpamAssassin (perl5.8.7) 10:26AM MailScanner: checking with SpamAssassin (perl5.8.7) 10:26AM MailScanner: checking with SpamAssassin (perl5.8.7) 10:26AM MailScanner: checking with SpamAssassin (perl5.8.7) 10:26AM MailScanner: checking with SpamAssassin (perl5.8.7) 10:26AM MailScanner: checking with Spam Lists (perl5.8.7) 10:26AM MailScanner: checking with Spam Lists (perl5.8.7) 10:26AM MailScanner: cleaning messages (perl5.8.7) 10:26AM MailScanner: checking with Spam Lists (perl5.8.7) 10:26AM MailScanner: checking with SpamAssassin (perl5.8.7) 10:26AM MailScanner: checking with Spam Lists (perl5.8.7) 10:26AM MailScanner: checking with SpamAssassin (perl5.8.7) 10:26AM MailScanner: checking with Spam Lists (perl5.8.7) 10:26AM MailScanner: cleaning messages (perl5.8.7) 10:26AM MailScanner: checking with SpamAssassin (perl5.8.7) 10:26AM MailScanner: checking with Spam Lists (perl5.8.7) 10:26AM MailScanner: checking with Spam Lists (perl5.8.7) 10:26AM MailScanner: checking with Spam Lists (perl5.8.7) 10:26AM MailScanner: checking with Spam Lists (perl5.8.7) 10:26AM MailScanner: checking with Spam Lists (perl5.8.7) 10:26AM MailScanner: checking with Spam Lists (perl5.8.7) 10:26AM MailScanner: checking with Spam Lists (perl5.8.7) 10:26AM MailScanner: checking with Spam Lists (perl5.8.7) 10:26AM MailScanner: checking with Spam Lists (perl5.8.7) 10:26AM MailScanner: checking with Spam Lists (perl5.8.7) 10:17AM MailScanner: virus scanning (perl5.8.7) 10:17AM MailScanner: virus scanning (perl5.8.7) 10:17AM MailScanner: checking with Spam Lists (perl5.8.7) 10:17AM MailScanner: checking with Spam Lists (perl5.8.7) 10:16AM MailScanner: checking with SpamAssassin (perl5.8.7) 10:16AM MailScanner: checking with SpamAssassin (perl5.8.7) 10:16AM MailScanner: extracting attachments (perl5.8.7) 10:16AM MailScanner: checking with Spam Lists (perl5.8.7) 10:16AM MailScanner: checking with Spam Lists (perl5.8.7) 10:15AM MailScanner: checking with Spam Lists (perl5.8.7) 10:15AM MailScanner: checking with Spam Lists (perl5.8.7) 10:15AM MailScanner: virus scanning (perl5.8.7) 10:15AM MailScanner: checking with Spam Lists (perl5.8.7) 10:15AM MailScanner: checking with Spam Lists (perl5.8.7) 10:15AM MailScanner: checking with SpamAssassin (perl5.8.7) 10:02AM MailScanner: checking with SpamAssassin (perl5.8.7) 10:02AM MailScanner: virus scanning (perl5.8.7) 10:02AM MailScanner: checking with Spam Lists (perl5.8.7) 10:02AM MailScanner: checking with Spam Lists (perl5.8.7) 10:01AM MailScanner: virus scanning (perl5.8.7) 10:01AM MailScanner: checking with Spam Lists (perl5.8.7) 10:01AM MailScanner: checking with SpamAssassin (perl5.8.7) 10:01AM MailScanner: waiting for messages (perl5.8.7) 10:01AM MailScanner: checking with SpamAssassin (perl5.8.7) 10:01AM MailScanner: checking with SpamAssassin (perl5.8.7) 10:00AM MailScanner: waiting for messages (perl5.8.7) 10:00AM MailScanner: checking with Spam Lists (perl5.8.7) 10:00AM MailScanner: virus scanning (perl5.8.7) 10:00AM MailScanner: checking with SpamAssassin (perl5.8.7) 10:00AM MailScanner: virus scanning (perl5.8.7) 9:47AM MailScanner: checking with SpamAssassin (perl5.8.7) 9:47AM MailScanner: checking with Spam Lists (perl5.8.7) 9:47AM MailScanner: waiting for messages (perl5.8.7) 9:47AM MailScanner: virus scanning (perl5.8.7) 9:47AM MailScanner: checking with SpamAssassin (perl5.8.7) 9:47AM MailScanner: checking with SpamAssassin (perl5.8.7) 9:46AM MailScanner: checking with SpamAssassin (perl5.8.7) 9:46AM MailScanner: checking with Spam Lists (perl5.8.7) 9:46AM MailScanner: checking with SpamAssassin (perl5.8.7) 9:46AM MailScanner: checking with SpamAssassin (perl5.8.7) 9:46AM MailScanner: waiting for messages (perl5.8.7) 9:45AM MailScanner: checking with Spam Lists (perl5.8.7) 9:45AM MailScanner: checking with SpamAssassin (perl5.8.7) 9:45AM MailScanner: checking with Spam Lists (perl5.8.7) 9:45AM MailScanner: checking with SpamAssassin (perl5.8.7) 0:00.00 MailScanner: master waiting for children, sleeping (perl5.8.7) 0:00.00 MailScanner: master waiting for children, sleeping (perl5.8.7) 0:00.00 MailScanner: master waiting for children, sleeping (perl5.8.7) I noted that there are several old processes that seem to be hanging -- I have it set to only allow virus scanners to run for 20 seconds, and SA to timeout within 20 seconds as well. It looks like some of the forked/child processes simply aren't dying out properly. Also, I don't do any attachment checking within MS, but I see the following: 10:16AM MailScanner: extracting attachments (perl5.8.7) I'm willing to try whatever I need to try to help track this down. Thanks! -- ----------------------------------------- Mike Bacher / listacct@tulsaconnect.com TCIS - TulsaConnect Internet Services http://www.tulsaconnect.com ----------------------------------------- From DCurtis at sbschools.net Tue Feb 14 18:33:38 2006 From: DCurtis at sbschools.net (David Curtis) Date: Tue Feb 14 18:34:33 2006 Subject: spamassassinprefsfile Message-ID: I am running 4.49.7. 6 i686 i386 GNU/Linux This is Fedora Core release 4 (Stentz) This is Perl version 5.008006 (5.8.6) This is MailScanner version 4.49.7 Module versions are: 1.00 AnyDBM_File 1.16 Archive::Zip 1.03 Carp 1.119 Convert::BinHex 1.00 DirHandle 1.05 Fcntl 2.73 File::Basename 2.08 File::Copy 2.01 FileHandle 1.06 File::Path 0.14 File::Temp 1.32 HTML::Entities 3.48 HTML::Parser 2.35 HTML::TokeParser 1.21 IO 1.10 IO::File 1.123 IO::Pipe 1.71 Mail::Header 3.05 MIME::Base64 5.419 MIME::Decoder 5.419 MIME::Decoder::UU 5.419 MIME::Head 5.419 MIME::Parser 3.03 MIME::QuotedPrint 5.419 MIME::Tools 0.10 Net::CIDR 1.08 POSIX 1.77 Socket 0.08 Sys::Syslog 1.02 Time::localtime Optional module versions are: 0.17 Convert::TNEF 1.810 DB_File 1.10 Digest 1.01 Digest::HMAC 2.33 Digest::MD5 2.10 Digest::SHA1 0.44 Inline missing Mail::ClamAV 3.001000 Mail::SpamAssassin 1.999 Mail::SPF::Query 0.19 Net::CIDR::Lite 0.53 Net::DNS 0.33 Net::LDAP 1.94 Parse::RecDescent missing SAVI 1.4 Sys::Hostname::Long 2.52 Test::Harness 0.6 Test::Simple 1.95 Text::Balanced 1.35 URI >>> dmehler26@woh.rr.com 2/13/2006 7:56:47 PM >>> Hi, I'm also seeing this error. This is on a FreeBSD6 box running MS 4.49.7 via ports. Thanks. Dave. ----- Original Message ----- From: "Scott Silva" To: Sent: Monday, February 13, 2006 7:22 PM Subject: Re: spamassassinprefsfile > David Curtis spake the following on 2/13/2006 10:31 AM: >> >> >> I have started to notice every time I start MailScanner I get this error >> in the log file: >> Feb 13 12:20:40 sbschools MailScanner[11352]: Unrecognised keyword >> "spamassassinprefsfile" at line 1404 >> Feb 13 12:20:40 sbschools MailScanner[11352]: Aborting due to syntax >> errors in /etc/MailScanner/MailScanner.conf >> >> I have changed the config file to point right to the spamassassin prefs >> file (/etc/MailScanner/spam.assassin.prefs.conf) and I still get this >> error. >> Any advice would be great. >> Thanks. > > Which version of MailScanner. If 4.50-15, that option is no longer used. > -- > > MailScanner is like deodorant... > You hope everybody uses it, and > you notice quickly if they don't!!!! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! ______________________________________________________________ ______________________________________________________________ This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060214/0f618110/attachment.html From jd at bentecmed.com Tue Feb 14 18:34:10 2006 From: jd at bentecmed.com (JD Doelitzsch) Date: Tue Feb 14 18:38:31 2006 Subject: Mailscanner + sendmail running really slow. In-Reply-To: <43F20FB3.5040400@tulsaconnect.com> Message-ID: When I telnet to my MS box there is a 30 second delay before it gives me the 220. After every command therer is also a long delay. What could be causing this? im at 70% disk space usage which was my first thought, but im not sure. Does anyone have an idea? -JD From rpoe at plattesheriff.org Tue Feb 14 18:59:20 2006 From: rpoe at plattesheriff.org (Rob Poe) Date: Tue Feb 14 18:59:45 2006 Subject: Mailscanner + sendmail running really slow. In-Reply-To: References: <43F20FB3.5040400@tulsaconnect.com> Message-ID: <43F1D42E.65ED.00A2.0@plattesheriff.org> What's your utilization? Send me the IP (privately) and I'll try it too if you want. >>> jd@bentecmed.com 2/14/2006 12:34:10 pm >>> When I telnet to my MS box there is a 30 second delay before it gives me the 220. After every command therer is also a long delay. What could be causing this? im at 70% disk space usage which was my first thought, but im not sure. Does anyone have an idea? -JD -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From rpoe at plattesheriff.org Tue Feb 14 19:03:46 2006 From: rpoe at plattesheriff.org (Rob Poe) Date: Tue Feb 14 19:04:00 2006 Subject: Mailscanner + sendmail running really slow. In-Reply-To: References: <43F20FB3.5040400@tulsaconnect.com> Message-ID: <43F1D538.65ED.00A2.0@plattesheriff.org> Nevermind .. found it on my own :) What's your load on the box, what kind of drive, what volume? >>> jd@bentecmed.com 2/14/2006 12:34:10 pm >>> When I telnet to my MS box there is a 30 second delay before it gives me the 220. After every command therer is also a long delay. What could be causing this? im at 70% disk space usage which was my first thought, but im not sure. Does anyone have an idea? -JD -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From dnsadmin at 1bigthink.com Tue Feb 14 19:04:17 2006 From: dnsadmin at 1bigthink.com (dnsadmin 1bigthink.com) Date: Tue Feb 14 19:04:27 2006 Subject: Mailscanner + sendmail running really slow. In-Reply-To: References: <43F20FB3.5040400@tulsaconnect.com> Message-ID: <6.2.3.4.0.20060214140307.05497660@mxt.1bigthink.com> At 01:34 PM 2/14/2006, you wrote: >When I telnet to my MS box there is a 30 second delay before it gives me the >220. After every command therer is also a long delay. What could be causing >this? im at 70% disk space usage which was my first thought, but im not >sure. Does anyone have an idea? > >-JD Sounds like a DNS error, which I've experienced in the past. Explore this avenue first, as the problem should show up pretty quickly and usually an easy fix. Cheers, Glenn From mike at vesol.com Tue Feb 14 19:08:42 2006 From: mike at vesol.com (Mike Kercher) Date: Tue Feb 14 19:08:58 2006 Subject: Mailscanner + sendmail running really slow. Message-ID: Could be DNS sluggishness. Does the IP you connect from via telnet have valid reverse DNS? Mike > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of JD Doelitzsch > Sent: Tuesday, February 14, 2006 12:34 PM > To: MailScanner discussion > Subject: Mailscanner + sendmail running really slow. > > When I telnet to my MS box there is a 30 second delay before > it gives me the 220. After every command therer is also a > long delay. What could be causing this? im at 70% disk space > usage which was my first thought, but im not sure. Does > anyone have an idea? > > -JD > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From rpoe at plattesheriff.org Tue Feb 14 19:29:29 2006 From: rpoe at plattesheriff.org (Rob Poe) Date: Tue Feb 14 19:29:52 2006 Subject: Mailscanner + sendmail running really slow. In-Reply-To: <6.2.3.4.0.20060214140307.05497660@mxt.1bigthink.com> References: <43F20FB3.5040400@tulsaconnect.com> <6.2.3.4.0.20060214140307.05497660@mxt.1bigthink.com> Message-ID: <43F1DB3E.65ED.00A2.0@plattesheriff.org> Usually I've seen DNS sluggishness when first connecting, but then everything is ok. His box is sluggish on EVERY command. I.E. not only the connect, but when you type helo domain.com or the mail from: rcpt to: commands .. slow on each of them. takes the data pretty quickly after that.. >>> dnsadmin@1bigthink.com 2/14/2006 1:04:17 pm >>> At 01:34 PM 2/14/2006, you wrote: >When I telnet to my MS box there is a 30 second delay before it gives me the >220. After every command therer is also a long delay. What could be causing >this? im at 70% disk space usage which was my first thought, but im not >sure. Does anyone have an idea? > >-JD Sounds like a DNS error, which I've experienced in the past. Explore this avenue first, as the problem should show up pretty quickly and usually an easy fix. Cheers, Glenn -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From dmehler26 at woh.rr.com Tue Feb 14 20:08:50 2006 From: dmehler26 at woh.rr.com (Dave) Date: Tue Feb 14 20:17:54 2006 Subject: spamassassinprefsfile References: Message-ID: <006901c631a2$79349530$0200a8c0@satellite> Hello, I still haven't resolved this issue, and i am unable to send authenticated email. I'm wondering if the two issues are related? Thanks. Dave. ----- Original Message ----- From: David Curtis To: mailscanner@lists.mailscanner.info Sent: Tuesday, February 14, 2006 1:33 PM Subject: Re: spamassassinprefsfile I am running 4.49.7. 6 i686 i386 GNU/Linux This is Fedora Core release 4 (Stentz) This is Perl version 5.008006 (5.8.6) This is MailScanner version 4.49.7 Module versions are: 1.00 AnyDBM_File 1.16 Archive::Zip 1.03 Carp 1.119 Convert::BinHex 1.00 DirHandle 1.05 Fcntl 2.73 File::Basename 2.08 File::Copy 2.01 FileHandle 1.06 File::Path 0.14 File::Temp 1.32 HTML::Entities 3.48 HTML::Parser 2.35 HTML::TokeParser 1.21 IO 1.10 IO::File 1.123 IO::Pipe 1.71 Mail::Header 3.05 MIME::Base64 5.419 MIME::Decoder 5.419 MIME::Decoder::UU 5.419 MIME::Head 5.419 MIME::Parser 3.03 MIME::QuotedPrint 5.419 MIME::Tools 0.10 Net::CIDR 1.08 POSIX 1.77 Socket 0.08 Sys::Syslog 1.02 Time::localtime Optional module versions are: 0.17 Convert::TNEF 1.810 DB_File 1.10 Digest 1.01 Digest::HMAC 2.33 Digest::MD5 2.10 Digest::SHA1 0.44 Inline missing Mail::ClamAV 3.001000 Mail::SpamAssassin 1.999 Mail::SPF::Query 0.19 Net::CIDR::Lite 0.53 Net::DNS 0.33 Net::LDAP 1.94 Parse::RecDescent missing SAVI 1.4 Sys::Hostname::Long 2.52 Test::Harness 0.6 Test::Simple 1.95 Text::Balanced 1.35 URI >>> dmehler26@woh.rr.com 2/13/2006 7:56:47 PM >>> Hi, I'm also seeing this error. This is on a FreeBSD6 box running MS 4.49.7 via ports. Thanks. Dave. ----- Original Message ----- From: "Scott Silva" To: Sent: Monday, February 13, 2006 7:22 PM Subject: Re: spamassassinprefsfile > David Curtis spake the following on 2/13/2006 10:31 AM: >> >> >> I have started to notice every time I start MailScanner I get this error >> in the log file: >> Feb 13 12:20:40 sbschools MailScanner[11352]: Unrecognised keyword >> "spamassassinprefsfile" at line 1404 >> Feb 13 12:20:40 sbschools MailScanner[11352]: Aborting due to syntax >> errors in /etc/MailScanner/MailScanner.conf >> >> I have changed the config file to point right to the spamassassin prefs >> file (/etc/MailScanner/spam.assassin.prefs.conf) and I still get this >> error. >> Any advice would be great. >> Thanks. > > Which version of MailScanner. If 4.50-15, that option is no longer used. > -- > > MailScanner is like deodorant... > You hope everybody uses it, and > you notice quickly if they don't!!!! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! ______________________________________________________________ ______________________________________________________________ This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. ------------------------------------------------------------------------------ -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060214/331e64c2/attachment.html From glenn.steen at gmail.com Tue Feb 14 20:25:37 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Feb 14 20:25:41 2006 Subject: mailscanner behind a smtpd frontend In-Reply-To: <43F200F0.3070900@evi-inc.com> References: <1139820771.6757.19.camel@philipp.terreactive.ch> <223f97700602130145qcd13bedx@mail.gmail.com> <43F081B4.2000601@nkpanama.com> <223f97700602130515n5be4cf9by@mail.gmail.com> <43F08AE7.9080105@nkpanama.com> <1139842494.6757.41.camel@philipp.terreactive.ch> <43F0D67B.9050506@nkpanama.com> <223f97700602140110m131e7d4cw@mail.gmail.com> <43F200F0.3070900@evi-inc.com> Message-ID: <223f97700602141225i357d2a3ek@mail.gmail.com> On 14/02/06, Matt Kettler wrote: > Glenn Steen wrote: (snip) > > Problem 1 is that you can't really do that for all the Received > > lines... And the original problem is that adding such a line is an RFC > > MUST. Sigh. > > > > So unless one can do REs on it, you lose. Unfortunately, > > bayes_ignore_header doesn't seem to accept RE:s (from the man-page)... > > Perhaps Matt Kettler has a better clue... > > My impression is why bother ignoring the Received: headers? > > As long as your trusted/internal networks is set correctly bayes should be able > to deal with extra Received: headers just fine. Eh, I am obviously missing something here.... You are saying that although all external mail is received from that ("internal") host, Philipp should set it as trusted? -- Glenn From mkettler at evi-inc.com Tue Feb 14 20:36:24 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Tue Feb 14 20:36:33 2006 Subject: mailscanner behind a smtpd frontend In-Reply-To: <223f97700602141225i357d2a3ek@mail.gmail.com> References: <1139820771.6757.19.camel@philipp.terreactive.ch> <223f97700602130145qcd13bedx@mail.gmail.com> <43F081B4.2000601@nkpanama.com> <223f97700602130515n5be4cf9by@mail.gmail.com> <43F08AE7.9080105@nkpanama.com> <1139842494.6757.41.camel@philipp.terreactive.ch> <43F0D67B.9050506@nkpanama.com> <223f97700602140110m131e7d4cw@mail.gmail.com> <43F200F0.3070900@evi-inc.com> <223f97700602141225i357d2a3ek@mail.gmail.com> Message-ID: <43F23F48.2040800@evi-inc.com> Glenn Steen wrote: > On 14/02/06, Matt Kettler wrote: >> Glenn Steen wrote: > (snip) >>> Problem 1 is that you can't really do that for all the Received >>> lines... And the original problem is that adding such a line is an RFC >>> MUST. Sigh. >>> >>> So unless one can do REs on it, you lose. Unfortunately, >>> bayes_ignore_header doesn't seem to accept RE:s (from the man-page)... >>> Perhaps Matt Kettler has a better clue... >> My impression is why bother ignoring the Received: headers? >> >> As long as your trusted/internal networks is set correctly bayes should be able >> to deal with extra Received: headers just fine. > Eh, I am obviously missing something here.... You are saying that > although all external mail is received from that ("internal") host, > Philipp should set it as trusted? > Yes.. You should trust all your mail servers that add Received: headers. Just because it acts as a mail relay for untrusted mail does not mean you should not trust the box itself. Trust here means trusted to not forge headers, and trusted to never originate spam. It does not mean it will never relay spam from other sources. As for SA, it will still see the mail as coming from an untrusted source. It will merely realize that there's a trusted relay in between. In fact, if you fail to trust the relay (and thus have it be internal), then SA is going to treat it as being "outside" your network. This will cause any tests that attempt to apply to the first external host to be applied to the relay instead of the proper outside host. From glenn.steen at gmail.com Tue Feb 14 20:43:08 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Feb 14 20:43:15 2006 Subject: mailscanner behind a smtpd frontend In-Reply-To: <43F23F48.2040800@evi-inc.com> References: <1139820771.6757.19.camel@philipp.terreactive.ch> <43F081B4.2000601@nkpanama.com> <223f97700602130515n5be4cf9by@mail.gmail.com> <43F08AE7.9080105@nkpanama.com> <1139842494.6757.41.camel@philipp.terreactive.ch> <43F0D67B.9050506@nkpanama.com> <223f97700602140110m131e7d4cw@mail.gmail.com> <43F200F0.3070900@evi-inc.com> <223f97700602141225i357d2a3ek@mail.gmail.com> <43F23F48.2040800@evi-inc.com> Message-ID: <223f97700602141243j4de50a95l@mail.gmail.com> On 14/02/06, Matt Kettler wrote: > Glenn Steen wrote: > > On 14/02/06, Matt Kettler wrote: > >> Glenn Steen wrote: > > (snip) > >>> Problem 1 is that you can't really do that for all the Received > >>> lines... And the original problem is that adding such a line is an RFC > >>> MUST. Sigh. > >>> > >>> So unless one can do REs on it, you lose. Unfortunately, > >>> bayes_ignore_header doesn't seem to accept RE:s (from the man-page)... > >>> Perhaps Matt Kettler has a better clue... > >> My impression is why bother ignoring the Received: headers? > >> > >> As long as your trusted/internal networks is set correctly bayes should be able > >> to deal with extra Received: headers just fine. > > Eh, I am obviously missing something here.... You are saying that > > although all external mail is received from that ("internal") host, > > Philipp should set it as trusted? > > > > Yes.. You should trust all your mail servers that add Received: headers. Just > because it acts as a mail relay for untrusted mail does not mean you should not > trust the box itself. > > Trust here means trusted to not forge headers, and trusted to never originate > spam. It does not mean it will never relay spam from other sources. > > As for SA, it will still see the mail as coming from an untrusted source. It > will merely realize that there's a trusted relay in between. > > In fact, if you fail to trust the relay (and thus have it be internal), then SA > is going to treat it as being "outside" your network. This will cause any tests > that attempt to apply to the first external host to be applied to the relay > instead of the proper outside host. > Thank you. Somesay I'll actually undersatnd this SA stuff... with this explanation, that day might even be today:-) ... And that neatly solves all the real and imagined(:-) problems Philipp have. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Tue Feb 14 20:46:42 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Feb 14 20:46:47 2006 Subject: mailscanner behind a smtpd frontend In-Reply-To: <223f97700602141243j4de50a95l@mail.gmail.com> References: <1139820771.6757.19.camel@philipp.terreactive.ch> <223f97700602130515n5be4cf9by@mail.gmail.com> <43F08AE7.9080105@nkpanama.com> <1139842494.6757.41.camel@philipp.terreactive.ch> <43F0D67B.9050506@nkpanama.com> <223f97700602140110m131e7d4cw@mail.gmail.com> <43F200F0.3070900@evi-inc.com> <223f97700602141225i357d2a3ek@mail.gmail.com> <43F23F48.2040800@evi-inc.com> <223f97700602141243j4de50a95l@mail.gmail.com> Message-ID: <223f97700602141246l1579bf7av@mail.gmail.com> On 14/02/06, Glenn Steen wrote: (snip) > Thank you. Somesay I'll actually undersatnd this SA stuff... with this Some say that some day ... I'll even learn to type properly:-):-) ... These portable computers simply have to small keyboards... Oh well. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From mkettler at evi-inc.com Tue Feb 14 21:03:26 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Tue Feb 14 21:03:33 2006 Subject: mailscanner behind a smtpd frontend (trusted_networks and internal_networks) In-Reply-To: <223f97700602141243j4de50a95l@mail.gmail.com> References: <1139820771.6757.19.camel@philipp.terreactive.ch> <43F081B4.2000601@nkpanama.com> <223f97700602130515n5be4cf9by@mail.gmail.com> <43F08AE7.9080105@nkpanama.com> <1139842494.6757.41.camel@philipp.terreactive.ch> <43F0D67B.9050506@nkpanama.com> <223f97700602140110m131e7d4cw@mail.gmail.com> <43F200F0.3070900@evi-inc.com> <223f97700602141225i357d2a3ek@mail.gmail.com> <43F23F48.2040800@evi-inc.com> <223f97700602141243j4de50a95l@mail.gmail.com> Message-ID: <43F2459E.5060304@evi-inc.com> Glenn Steen wrote: > Thank you. Somesay I'll actually undersatnd this SA stuff... with this > explanation, that day might even be today:-) Generally speaking, for most people trusted=internal=all your IPs. The only common exception is if you have a relay that you operate which must receive mail directly from dynamic/dialup users (ie: without being relayed through the ISP mailserver but directly delivered to your box using pop-before smtp or smtp AUTH). In that case you'd still trust that relay, but you'd have to declare a separate internal_networks which excluded it. Otherwise all the HELO_DYNAMIC and dialup RBL rules would fire off. I'd advise against deviating away from those two usage scenarios unless you really understand trusted/internal networks in-depth. Many admins over-react to the word "trusted" and try to trust nothing. But that's impossible, SA always has to trust something. Let's face it, if you can't even trust yourself, how can you tell what's real and not? Trust is really important to SA. It helps it know that certain Received: headers aren't forged, and therefore can be used to make decisions about where the mail came from. Trust and Internal status affects the behavior of about 2 dozen rules in SA 3.1.0. From Denis.Beauchemin at USherbrooke.ca Tue Feb 14 21:34:56 2006 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Tue Feb 14 21:35:38 2006 Subject: My server is blacklisted by SpamCop again! Message-ID: <43F24D00.2000002@USherbrooke.ca> Hello all, What do you do when one of your servers gets listed by SC because it sent an email to one of their spam traps? It happened to one of my servers last Friday and it happened again with a different server today! What's most frustrating is the fact that they don't give me any information I could use to pinpoint the PC that sent this through my server :-( ! And my servers NEVER send out SPAM because I reject it (only internal servers do this, don't flame me ;-) ) Today I set a SMART_HOST on the listed server to force it to send its outgoing mail through another server... but I risk getting this other server listed as well... They really are a pain in the ... >:o Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3226 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060214/3fb7633f/smime.bin From spamtrap71892316634 at anime.net Tue Feb 14 21:43:44 2006 From: spamtrap71892316634 at anime.net (Dan Hollis) Date: Tue Feb 14 21:43:46 2006 Subject: My server is blacklisted by SpamCop again! In-Reply-To: <43F24D00.2000002@USherbrooke.ca> References: <43F24D00.2000002@USherbrooke.ca> Message-ID: On Tue, 14 Feb 2006, Denis Beauchemin wrote: > What do you do when one of your servers gets listed by SC because it sent an > email to one of their spam traps? It happened to one of my servers last > Friday and it happened again with a different server today! this is the mailscanner list, not the spamcop list. -Dan From sailer at bnl.gov Tue Feb 14 21:44:09 2006 From: sailer at bnl.gov (Tim Sailer) Date: Tue Feb 14 21:44:18 2006 Subject: My server is blacklisted by SpamCop again! In-Reply-To: <43F24D00.2000002@USherbrooke.ca> References: <43F24D00.2000002@USherbrooke.ca> Message-ID: <20060214214409.GA21559@bnl.gov> On Tue, Feb 14, 2006 at 04:34:56PM -0500, Denis Beauchemin wrote: > Hello all, > > What do you do when one of your servers gets listed by SC because it > sent an email to one of their spam traps? It happened to one of my > servers last Friday and it happened again with a different server today! > > What's most frustrating is the fact that they don't give me any > information I could use to pinpoint the PC that sent this through my > server :-( ! And my servers NEVER send out SPAM because I reject it > (only internal servers do this, don't flame me ;-) ) I've seen this happen when they forge a return path to the spamtrap, and send email that would bounce. Right to the spam trap, and you're toast for 30+ days Tim -- Tim Sailer Information and Special Technologies Program Northeast Regional Counterintelligence Office Brookhaven National Laboratory (631) 344-3001 From mkettler at evi-inc.com Tue Feb 14 21:47:40 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Tue Feb 14 21:47:55 2006 Subject: My server is blacklisted by SpamCop again! In-Reply-To: <43F24D00.2000002@USherbrooke.ca> References: <43F24D00.2000002@USherbrooke.ca> Message-ID: <43F24FFC.2030203@evi-inc.com> Denis Beauchemin wrote: > Hello all, > > What do you do when one of your servers gets listed by SC because it > sent an email to one of their spam traps? It happened to one of my > servers last Friday and it happened again with a different server today! Any chance that server is a forwarder for inbound mail? If so, does it verify the user exists before accepting the message? Or does it queue and let it bounce when it tries to forward the message? > What's most frustrating is the fact that they don't give me any > information I could use to pinpoint the PC that sent this through my > server :-( ! And my servers NEVER send out SPAM because I reject it > (only internal servers do this, don't flame me ;-) ) There's NOTHING wrong with rejecting spam (ie: generating a 550 at the end of the SMTP DATA phase). Only post-delivery bouncing (ie: generating a DSN and sending it to the Return-Path) is a bad idea for spam. From mkettler at evi-inc.com Tue Feb 14 21:55:48 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Tue Feb 14 21:55:57 2006 Subject: My server is blacklisted by SpamCop again! In-Reply-To: <20060214214409.GA21559@bnl.gov> References: <43F24D00.2000002@USherbrooke.ca> <20060214214409.GA21559@bnl.gov> Message-ID: <43F251E4.5040808@evi-inc.com> Tim Sailer wrote: > On Tue, Feb 14, 2006 at 04:34:56PM -0500, Denis Beauchemin wrote: >> Hello all, >> >> What do you do when one of your servers gets listed by SC because it >> sent an email to one of their spam traps? It happened to one of my >> servers last Friday and it happened again with a different server today! >> >> What's most frustrating is the fact that they don't give me any >> information I could use to pinpoint the PC that sent this through my >> server :-( ! And my servers NEVER send out SPAM because I reject it >> (only internal servers do this, don't flame me ;-) ) > > I've seen this happen when they forge a return path to the spamtrap, > and send email that would bounce. Right to the spam trap, and you're > toast for 30+ days 30+ days??? 132.210.244.93 has been listed for less than 24 hours and is scheduled for de-listing in 14 hours. Generally spamcop delists 24 hours after the last report arrives.. What happened that you encountered a 30-day listing?? From sailer at bnl.gov Tue Feb 14 22:13:37 2006 From: sailer at bnl.gov (Tim Sailer) Date: Tue Feb 14 22:13:53 2006 Subject: My server is blacklisted by SpamCop again! In-Reply-To: <43F251E4.5040808@evi-inc.com> References: <43F24D00.2000002@USherbrooke.ca> <20060214214409.GA21559@bnl.gov> <43F251E4.5040808@evi-inc.com> Message-ID: <20060214221337.GA4971@bnl.gov> On Tue, Feb 14, 2006 at 04:55:48PM -0500, Matt Kettler wrote: > Tim Sailer wrote: > > On Tue, Feb 14, 2006 at 04:34:56PM -0500, Denis Beauchemin wrote: > >> Hello all, > >> > >> What do you do when one of your servers gets listed by SC because it > >> sent an email to one of their spam traps? It happened to one of my > >> servers last Friday and it happened again with a different server today! > >> > >> What's most frustrating is the fact that they don't give me any > >> information I could use to pinpoint the PC that sent this through my > >> server :-( ! And my servers NEVER send out SPAM because I reject it > >> (only internal servers do this, don't flame me ;-) ) > > > > I've seen this happen when they forge a return path to the spamtrap, > > and send email that would bounce. Right to the spam trap, and you're > > toast for 30+ days > > 30+ days??? > > 132.210.244.93 has been listed for less than 24 hours and is scheduled for > de-listing in 14 hours. > > > Generally spamcop delists 24 hours after the last report arrives.. > > What happened that you encountered a 30-day listing?? It wasn't me. :) But, it was a crapload of bounces, from what I could see in the server logs, across many days (4 or 5, IIRC). Seems like the SC folks were less than amused. I got into this because the machine I was managing was the secondry MX, and when they took their server offline to 'fix' things, I got all their mail queued up. Tim -- Tim Sailer Information and Special Technologies Program Northeast Regional Counterintelligence Office Brookhaven National Laboratory (631) 344-3001 From mkettler at evi-inc.com Tue Feb 14 22:31:47 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Tue Feb 14 22:31:55 2006 Subject: My server is blacklisted by SpamCop again! In-Reply-To: <20060214221337.GA4971@bnl.gov> References: <43F24D00.2000002@USherbrooke.ca> <20060214214409.GA21559@bnl.gov> <43F251E4.5040808@evi-inc.com> <20060214221337.GA4971@bnl.gov> Message-ID: <43F25A53.3030007@evi-inc.com> Tim Sailer wrote: > On Tue, Feb 14, 2006 at 04:55:48PM -0500, Matt Kettler wrote: >> Tim Sailer wrote: >>> On Tue, Feb 14, 2006 at 04:34:56PM -0500, Denis Beauchemin wrote: >>>> Hello all, >>>> >>>> What do you do when one of your servers gets listed by SC because it >>>> sent an email to one of their spam traps? It happened to one of my >>>> servers last Friday and it happened again with a different server today! >>>> >>>> What's most frustrating is the fact that they don't give me any >>>> information I could use to pinpoint the PC that sent this through my >>>> server :-( ! And my servers NEVER send out SPAM because I reject it >>>> (only internal servers do this, don't flame me ;-) ) >>> I've seen this happen when they forge a return path to the spamtrap, >>> and send email that would bounce. Right to the spam trap, and you're >>> toast for 30+ days >> 30+ days??? >> >> 132.210.244.93 has been listed for less than 24 hours and is scheduled for >> de-listing in 14 hours. >> >> >> Generally spamcop delists 24 hours after the last report arrives.. >> >> What happened that you encountered a 30-day listing?? > > It wasn't me. :) But, it was a crapload of bounces, from what I > could see in the server logs, across many days (4 or 5, IIRC). Seems > like the SC folks were less than amused. I got into this because the machine > I was managing was the secondry MX, and when they took their server offline > to 'fix' things, I got all their mail queued up. > Yeah, that's a bad thing which definitely should have had you listed until the problem was fixed. Still, that shouldn't have caused a 30-day listing.. The only justifiable reason I could see for a 30-day is if they actually tried to contact you and got a bounce back for every address they tried (ie: postmaster and abuse). In that case... well... From Denis.Beauchemin at USherbrooke.ca Tue Feb 14 23:40:05 2006 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Tue Feb 14 23:40:19 2006 Subject: My server is blacklisted by SpamCop again! In-Reply-To: <20060214214409.GA21559@bnl.gov> References: <43F24D00.2000002@USherbrooke.ca> <20060214214409.GA21559@bnl.gov> Message-ID: <43F26A55.8010907@USherbrooke.ca> Tim Sailer a ?crit : >On Tue, Feb 14, 2006 at 04:34:56PM -0500, Denis Beauchemin wrote: > > >>Hello all, >> >>What do you do when one of your servers gets listed by SC because it >>sent an email to one of their spam traps? It happened to one of my >>servers last Friday and it happened again with a different server today! >> >>What's most frustrating is the fact that they don't give me any >>information I could use to pinpoint the PC that sent this through my >>server :-( ! And my servers NEVER send out SPAM because I reject it >>(only internal servers do this, don't flame me ;-) ) >> >> > >I've seen this happen when they forge a return path to the spamtrap, >and send email that would bounce. Right to the spam trap, and you're >toast for 30+ days > >Tim > > > Tim, My servers don't accept mail from outside our University (blocked by iptables). Emails could have entered from some other server on the campus and relayed to my servers, though... but would not have made it back to the outside world unless perfectly clean! Fortunately, they blacklist for *only* 24 hours when something hits their smap traps... Denis -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3226 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060214/27835b23/smime.bin From brent.addis at pronet.co.nz Wed Feb 15 03:55:08 2006 From: brent.addis at pronet.co.nz (Brent Addis) Date: Wed Feb 15 03:55:31 2006 Subject: exim4 / mailscanner 4.50.15 spool issues Message-ID: <43F2A61C.5080109@pronet.co.nz> Hi, I seem to be getting a few spool issues with exim4 / mailscanner. We are currently only running a fairly small setup, processing roughly 1500 messages a day. however, we get ocassional error such as: 2006-02-15 09:08:09 1F96Sn-0003Ot-8X Spool file 1F96Sn-0003Ot-8X-D not found in our exim mainlog. I have exim using differing incoming/outgoing directories. It seems sort of random. Out of 1500 messages processes, it has happened with 6. All at varying times, all from varying senders. None are spam nor viruses. MailScanner version 4.50.15 & Exim 4.50 a MailScanner --lint finds no issues. Does anyone have any ideas? MailScanner -v below : Running on Linux PROHOST113 2.6.14.3 #1 SMP Wed Dec 14 09:25:32 NZDT 2005 i686 GNU/Linux This is Perl version 5.008007 (5.8.7) This is MailScanner version 4.50.15 Module versions are: 1.00 AnyDBM_File 1.14 Archive::Zip 1.04 Carp 1.119 Convert::BinHex 1.00 DirHandle 1.05 Fcntl 2.73 File::Basename 2.08 File::Copy 2.01 FileHandle 1.07 File::Path 0.16 File::Temp 1.32 HTML::Entities 3.48 HTML::Parser 2.35 HTML::TokeParser 1.21 IO 1.11 IO::File 1.123 IO::Pipe 1.71 Mail::Header 3.05 MIME::Base64 5.419 MIME::Decoder 5.419 MIME::Decoder::UU 5.419 MIME::Head 5.419 MIME::Parser 3.03 MIME::QuotedPrint 5.419 MIME::Tools 0.10 Net::CIDR 1.08 POSIX 1.77 Socket 0.06 Sys::Syslog 1.86 Time::HiRes 1.02 Time::localtime Optional module versions are: 0.17 Convert::TNEF 1.811 DB_File 1.11 DBD::SQLite 1.50 DBI 1.10 Digest 1.01 Digest::HMAC 2.33 Digest::MD5 2.10 Digest::SHA1 0.44 Inline missing Mail::ClamAV 3.000003 Mail::SpamAssassin 1.997 Mail::SPF::Query 0.15 Net::CIDR::Lite 0.48 Net::DNS missing Net::LDAP 1.94 Parse::RecDescent missing SAVI 1.2 Sys::Hostname::Long 2.48 Test::Harness 0.54 Test::Simple 1.95 Text::Balanced 1.35 URI -- Regards, Brent Addis Technical Account Manager Pronet Internet NZ LTD Mobile: 021 723 612 From Jan-Peter.Koopmann at seceidos.de Wed Feb 15 07:15:40 2006 From: Jan-Peter.Koopmann at seceidos.de (Koopmann, Jan-Peter) Date: Wed Feb 15 07:15:41 2006 Subject: More 4.50.15 woes on FreeBSD - Update Message-ID: On Tuesday, February 14, 2006 6:03 PM TCIS List Acct wrote: > Wow, thanks for the insight. He is right though. > I'm perfectly willing to admit that it may be something specific to > my installation, however, I've tried every suggestion thus far > (including installing from ports) with no success. You have? Installed _everything_ with ports that is? All I can tell you is that I had a very similar problem with 4.49 until I decided to portupgrade all vital ports that my MailScanner port depends on, mainly all p5- ports. And the problem vanished immediatly! So let me ask you again: Have you tried a clean install, made sure you got rid of all manually installed perl modules etc. and setup everyting with ports only? Kind regards, JP From philipp.snizek at terreactive.ch Wed Feb 15 09:04:07 2006 From: philipp.snizek at terreactive.ch (Philipp Snizek) Date: Wed Feb 15 09:04:17 2006 Subject: mailscanner behind a smtpd frontend (trusted_networks and internal_networks) In-Reply-To: <43F2459E.5060304@evi-inc.com> References: <1139820771.6757.19.camel@philipp.terreactive.ch> <43F081B4.2000601@nkpanama.com> <223f97700602130515n5be4cf9by@mail.gmail.com> <43F08AE7.9080105@nkpanama.com> <1139842494.6757.41.camel@philipp.terreactive.ch> <43F0D67B.9050506@nkpanama.com> <223f97700602140110m131e7d4cw@mail.gmail.com> <43F200F0.3070900@evi-inc.com> <223f97700602141225i357d2a3ek@mail.gmail.com> <43F23F48.2040800@evi-inc.com> <223f97700602141243j4de50a95l@mail.gmail.com> <43F2459E.5060304@evi-inc.com> Message-ID: <1139994247.14363.20.camel@philipp.terreactive.ch> Dear all That's very good news. Thanks for your input and the discussion. Philipp On Tue, 2006-02-14 at 16:03 -0500, Matt Kettler wrote: > Glenn Steen wrote: > > Thank you. Somesay I'll actually undersatnd this SA stuff... with this > > explanation, that day might even be today:-) > > Generally speaking, for most people trusted=internal=all your IPs. > > The only common exception is if you have a relay that you operate which must > receive mail directly from dynamic/dialup users (ie: without being relayed > through the ISP mailserver but directly delivered to your box using pop-before > smtp or smtp AUTH). > > In that case you'd still trust that relay, but you'd have to declare a separate > internal_networks which excluded it. Otherwise all the HELO_DYNAMIC and dialup > RBL rules would fire off. > > I'd advise against deviating away from those two usage scenarios unless you > really understand trusted/internal networks in-depth. > > Many admins over-react to the word "trusted" and try to trust nothing. But > that's impossible, SA always has to trust something. Let's face it, if you can't > even trust yourself, how can you tell what's real and not? > > Trust is really important to SA. It helps it know that certain Received: headers > aren't forged, and therefore can be used to make decisions about where the mail > came from. > > Trust and Internal status affects the behavior of about 2 dozen rules in SA 3.1.0. > From philipp.snizek at terreactive.ch Wed Feb 15 15:26:10 2006 From: philipp.snizek at terreactive.ch (Philipp Snizek) Date: Wed Feb 15 15:26:18 2006 Subject: queue problems Message-ID: <1140017170.14363.87.camel@philipp.terreactive.ch> Hi all I'm running here a mail system with exim4.6/MailScanner 4.49-7.1/SA 3.1 on a Suse 8.2 Linux. I have this behaviour: Certain mails get scanned twice by MailScanner/SA. This seems to happen when the load on the system is a bit higher, for example 5-15 mails are waiting in the MailScanner queue. The headers of these mails get stuck in the exim-out queue as lost files while the very same processed emails get delivered normally. On a normal day this mail system has a load of 9000 emails. Hardware most likely is not the issue here as the box is a Dual Xeon 2.4GHz with 1 GB Ram. Swap space is not used. Have you made similar experiences? If you have and you know a way out please let me know. Thanks in advance Best regards, Philippp From ka at pacific.net Wed Feb 15 16:43:49 2006 From: ka at pacific.net (Ken A) Date: Wed Feb 15 16:43:53 2006 Subject: queue problems In-Reply-To: <1140017170.14363.87.camel@philipp.terreactive.ch> References: <1140017170.14363.87.camel@philipp.terreactive.ch> Message-ID: <43F35A45.2030008@pacific.net> lock type = posix in mailscanner.conf ? That's really a low volume of mail, and there should be no problems related to load. Ken A. Philipp Snizek wrote: > Hi all > > I'm running here a mail system with exim4.6/MailScanner 4.49-7.1/SA 3.1 > on a Suse 8.2 Linux. I have this behaviour: > > Certain mails get scanned twice by MailScanner/SA. This seems to happen > when the load on the system is a bit higher, for example 5-15 mails are > waiting in the MailScanner queue. The headers of these mails get stuck > in the exim-out queue as lost files while the very same processed emails > get delivered normally. > > On a normal day this mail system has a load of 9000 emails. > > Hardware most likely is not the issue here as the box is a Dual Xeon > 2.4GHz with 1 GB Ram. Swap space is not used. > > Have you made similar experiences? > If you have and you know a way out please let me know. > > Thanks in advance > > Best regards, > Philippp > > > > From smf at f2s.com Wed Feb 15 16:47:44 2006 From: smf at f2s.com (Steve Freegard) Date: Wed Feb 15 16:44:16 2006 Subject: More 4.50.15 woes on FreeBSD - Update In-Reply-To: <43F20FB3.5040400@tulsaconnect.com> References: <43F0C7C3.3050901@tulsaconnect.com> <43F204FA.5000408@tulsaconnect.com> <43F20FB3.5040400@tulsaconnect.com> Message-ID: <1140022064.16590.338.camel@localhost.localdomain> On Tue, 2006-02-14 at 11:13 -0600, TCIS List Acct wrote: > Also, I don't > do any attachment checking within MS, but I see the following: > > 10:16AM MailScanner: extracting attachments (perl5.8.7) MailScanner has to extract all attachments prior to Virus Scanning - doesn't matter if you don't do any other checks on them. Regards, Steve. From greg at rowes.org Wed Feb 15 18:12:22 2006 From: greg at rowes.org (Greg Rowe) Date: Wed Feb 15 18:01:38 2006 Subject: Convert HTML Question Message-ID: Greetings, I have an existing MailScanner installation running as a gateway for multiple domains into backend mail servers. Current version is 4.45.4, but planning to upgrade to 4.50.15 this weekend. One new domain that the MailScanner systems accepts mail for gets relayed to a vendor paging service after processing. The paging service can only accept pure text messages and rejects any message containing MIME or HTML. Unfortunately a large number of the people sending to this domain are on OutLook and use HTML by default. The paging service also returns a meaningless error message to the sender if it encounters HTML or MIME tags. Using the Convert HTML To Text rule in MailScanner works great for messages destined to that domain to strip the HTML, but the MIME tags are still contained in the message, and message body text is repeated: > This is a multi-part message in MIME format. > ------_=_NextPart_001_01C63248.6B567FBD > Content-Type: text/plain; > charset="US-ASCII" > Content-Transfer-Encoding: quoted-printable > > This is a test page > > ------_=_NextPart_001_01C63248.6B567FBD > Content-type: text/plain; charset="US-ASCII" > Content-Transfer-Encoding: quoted-printable > > This is a test page > > ------_=_NextPart_001_01C63248.6B567FBD-- Any ideas as far as a best solution to stripping out all the MIME and HTML and being left with just the message body text ? Thanks, Greg From listacct at tulsaconnect.com Wed Feb 15 18:19:05 2006 From: listacct at tulsaconnect.com (TCIS List Acct) Date: Wed Feb 15 18:21:01 2006 Subject: More 4.50.15 woes on FreeBSD - Update In-Reply-To: References: Message-ID: <43F37099.3070202@tulsaconnect.com> Koopmann, Jan-Peter wrote: > You have? Installed _everything_ with ports that is? All I can tell you > is that I had a very similar problem with 4.49 until I decided to > portupgrade all vital ports that my MailScanner port depends on, mainly > all p5- ports. And the problem vanished immediatly! > > So let me ask you again: Have you tried a clean install, made sure you > got rid of all manually installed perl modules etc. and setup everyting > with ports only? JP, I installed everything with ports this morning, including SpamAssassin: Feb 15 07:55 p5-Archive-Zip-1.16 Feb 15 07:55 p5-Compress-Zlib-1.41 Feb 15 08:07 p5-Convert-BinHex-1.119 Feb 15 08:07 p5-Convert-TNEF-0.17 Feb 15 08:07 p5-DBD-SQLite-1.11_1 Feb 15 08:07 p5-DBI-1.50 Feb 15 07:54 p5-ExtUtils-MakeMaker-6.30_1 Feb 15 07:55 p5-File-Temp-0.16_3 Feb 15 07:54 p5-Getopt-Long-2.35 Feb 15 08:13 p5-HTML-Parser-3.49_2 Feb 15 08:08 p5-HTML-Tagset-3.10 Feb 15 08:07 p5-IO-stringy-2.110 Feb 15 08:07 p5-MIME-Base64-3.07 Feb 15 08:07 p5-MIME-Tools-5.419,2 Feb 15 08:13 p5-Mail-SpamAssassin-3.1.0_6 Feb 15 08:07 p5-Mail-Tools-1.73 Feb 15 08:09 p5-Net-CIDR-0.11 Feb 15 08:13 p5-Net-DNS-0.55 Feb 15 07:55 p5-PathTools-3.16 Feb 15 07:55 p5-Scalar-List-Utils-1.18,1 Feb 15 08:07 p5-Storable-2.15 Feb 15 07:55 p5-Test-Harness-2.56 Feb 15 07:55 p5-Test-Simple-0.62 Feb 15 08:09 p5-Time-HiRes-1.87,1 Feb 15 08:09 p5-TimeDate-1.16,1 Feb 12 08:57 perl-5.8.7_2 It did run for a longer period of time before spiraling out of control, but the problem did re-occur. It definitely happens soonest on the boxes that are more heavily loaded. Here is my MailScanner.conf: %org-name% = x %org-long-name% = x %web-site% = x %etc-dir% = /opt/MailScanner/etc %report-dir% = /opt/MailScanner/etc/reports/en %rules-dir% = /opt/MailScanner/etc/rules %mcp-dir% = /opt/MailScanner/etc/mcp Max Children = 5 Run As User = Run As Group = Queue Scan Interval = 5 Incoming Queue Dir = /var/spool/exim_incoming/input/* Outgoing Queue Dir = /var/spool/exim/input Incoming Work Dir = /var/spool/MailScanner/incoming Quarantine Dir = /var/spool/MailScanner/quarantine PID file = /opt/MailScanner/var/MailScanner.pid Restart Every = 14400 MTA = exim Sendmail = /usr/local/sbin/exim -C /usr/local/etc/exim/configure_outgoing Sendmail2 = /usr/local/sbin/exim -C /usr/local/etc/exim/configure_outgoing Incoming Work User = Incoming Work Group = Incoming Work Permissions = 0600 Quarantine User = Quarantine Group = Quarantine Permissions = 0600 Max Unscanned Bytes Per Scan = 100000000 Max Unsafe Bytes Per Scan = 50000000 Max Unscanned Messages Per Scan = 30 Max Unsafe Messages Per Scan = 30 Max Normal Queue Size = 20 Scan Messages = yes Reject Message = no Maximum Attachments Per Message = 200 Expand TNEF = no Deliver Unparsable TNEF = no TNEF Expander = /opt/MailScanner/bin/tnef --maxsize=100000000 TNEF Timeout = 120 File Command = File Timeout = 0 Unrar Command = /usr/bin/unrar Unrar Timeout = 0 Find UU-Encoded Files = no Maximum Message Size = 0 Maximum Attachment Size = -1 Minimum Attachment Size = -1 Maximum Archive Depth = 0 Find Archives By Content = no Virus Scanning = yes Virus Scanners = mcafee f-prot Virus Scanner Timeout = 20 Deliver Disinfected Files = no Silent Viruses = HTML-IFrame All-Viruses Still Deliver Silent Viruses = no Non-Forging Viruses = Joke/ OF97/ WM97/ W97M/ eicar Block Encrypted Messages = no Block Unencrypted Messages = no Allow Password-Protected Archives = yes Allowed Sophos Error Messages = Sophos IDE Dir = /usr/local/Sophos/ide Sophos Lib Dir = /usr/local/Sophos/lib Monitors For Sophos Updates = /usr/local/Sophos/ide/*ides.zip Monitors for ClamAV Updates = /usr/local/share/clamav/*.cvd ClamAVmodule Maximum Recursion Level = 8 ClamAVmodule Maximum Files = 1000 ClamAVmodule Maximum Compression Ratio = 250 Dangerous Content Scanning = yes Allow Partial Messages = no Allow External Message Bodies = no Find Phishing Fraud = no Also Find Numeric Phishing = no Highlight Phishing Fraud = yes Phishing Safe Sites File = %etc-dir%/phishing.safe.sites.conf Allow IFrame Tags = yes Allow Form Tags = yes Allow Script Tags = yes Allow WebBugs = disarm Allow Object Codebase Tags = disarm Convert Dangerous HTML To Text = no Convert HTML To Text = no Allow Filenames = Deny Filenames = Filename Rules = Allow Filetypes = Deny Filetypes = Filetype Rules = Quarantine Infections = no Quarantine Silent Viruses = no Quarantine Modified Body = no Quarantine Whole Message = no Quarantine Whole Messages As Queue Files = no Keep Spam And MCP Archive Clean = no Language Strings = %report-dir%/languages.conf Rejection Report = %report-dir%/rejection.report.txt Deleted Bad Content Message Report = %report-dir%/deleted.content.message.txt Deleted Bad Filename Message Report = %report-dir%/deleted.filename.message.txt Deleted Virus Message Report = %report-dir%/deleted.virus.message.txt Stored Bad Content Message Report = %report-dir%/stored.content.message.txt Stored Bad Filename Message Report = %report-dir%/stored.filename.message.txt Stored Virus Message Report = %report-dir%/stored.virus.message.txt Disinfected Report = %report-dir%/disinfected.report.txt Inline HTML Signature = %report-dir%/inline.sig.html Inline Text Signature = %report-dir%/inline.sig.txt Inline HTML Warning = %report-dir%/inline.warning.html Inline Text Warning = %report-dir%/inline.warning.txt Sender Content Report = %report-dir%/sender.content.report.txt Sender Error Report = %report-dir%/sender.error.report.txt Sender Bad Filename Report = %report-dir%/sender.filename.report.txt Sender Virus Report = %report-dir%/sender.virus.report.txt Hide Incoming Work Dir = yes Include Scanner Name In Reports = no Mail Header = X-%org-name%-Virus-Scan: Spam Header = X-%org-name%-Spam-Report: Spam Score Header = X-Spam-Score: Add Envelope From Header = yes Add Envelope To Header = no Envelope From Header = X-%org-name%-Orig-From: Envelope To Header = X-%org-name%-Orig-To: Spam Score Character = + SpamScore Number Instead Of Stars = no Minimum Stars If On Spam List = 7 Clean Header Value = Found to be clean Infected Header Value = Found to be infected Disinfected Header Value = Virus cleaned Information Header Value = Please contact the ISP for more information Detailed Spam Report = yes Include Scores In SpamAssassin Report = yes Always Include SpamAssassin Report = yes Multiple Headers = append Hostname = the %org-name% ($HOSTNAME) MailScanner Sign Messages Already Processed = no Sign Clean Messages = no Mark Infected Messages = yes Mark Unscanned Messages = yes Unscanned Header Value = Not scanned Remove These Headers = X-Mozilla-Status: X-Mozilla-Status2: Deliver Cleaned Messages = yes Notify Senders = yes Notify Senders Of Viruses = no Notify Senders Of Blocked Filenames Or Filetypes = yes Notify Senders Of Other Blocked Content = yes Never Notify Senders Of Precedence = list bulk Scanned Subject Text = [scanned] Virus Modify Subject = no Virus Subject Text = [virus-found] Filename Modify Subject = yes Filename Subject Text = [bad-attachment] Content Modify Subject = yes Content Subject Text = [dangerous-content] Disarmed Modify Subject = no Disarmed Subject Text = [disarmed] Phishing Modify Subject = no Phishing Subject Text = [potential-fraud] Spam Modify Subject = yes Spam Subject Text = [may-be-spam] High Scoring Spam Modify Subject = yes High Scoring Spam Subject Text = [may-be-spam] Warning Is Attachment = yes Attachment Warning Filename = %org-name%-Attachment-Warning.txt Attachment Encoding Charset = ISO-8859-1 Archive Mail = Send Notices = no Notices Include Full Headers = no Hide Incoming Work Dir in Notices = no Notice Signature = -- \nMailScanner\nEmail Virus Scanner\nwww.mailscanner.info Notices From = MailScanner Notices To = postmaster Local Postmaster = postmaster Spam List Definitions = %etc-dir%/spam.lists.conf Virus Scanner Definitions = %etc-dir%/virus.scanners.conf Spam Checks = yes Spam List = spamcop.net SBL+XBL SORBS-DNSBL Spam Domain List = Spam Lists To Be Spam = 1 Spam Lists To Reach High Score = 3 Spam List Timeout = 10 Max Spam List Timeouts = 7 Spam List Timeouts History = 10 Is Definitely Not Spam = &ByDomainSpamWhitelist Is Definitely Spam = no Definite Spam Is High Scoring = no Ignore Spam Whitelist If Recipients Exceed = 20 Use SpamAssassin = yes Max SpamAssassin Size = 30000 Required SpamAssassin Score = 5 High SpamAssassin Score = 15 SpamAssassin Auto Whitelist = no SpamAssassin Timeout = 20 Max SpamAssassin Timeouts = 20 SpamAssassin Timeouts History = 30 Check SpamAssassin If On Spam List = no Spam Score = yes Cache SpamAssassin Results = no SpamAssassin Cache Database File = /var/spool/MailScanner/incoming/SpamAssassin.cache.db Rebuild Bayes Every = 0 Wait During Bayes Rebuild = no Use Custom Spam Scanner = no Max Custom Spam Scanner Size = 20000 Custom Spam Scanner Timeout = 20 Max Custom Spam Scanner Timeouts = 10 Custom Spam Scanner Timeout History = 20 Spam Actions = deliver High Scoring Spam Actions = deliver Non Spam Actions = deliver Sender Spam Report = %report-dir%/sender.spam.report.txt Sender Spam List Report = %report-dir%/sender.spam.rbl.report.txt Sender SpamAssassin Report = %report-dir%/sender.spam.sa.report.txt Inline Spam Warning = %report-dir%/inline.spam.warning.txt Recipient Spam Report = %report-dir%/recipient.spam.report.txt Enable Spam Bounce = %rules-dir%/bounce.rules Bounce Spam As Attachment = no Syslog Facility = mail Log Speed = no Log Spam = yes Log Non Spam = no Log Permitted Filenames = no Log Permitted Filetypes = no Log Silent Viruses = no Log Dangerous HTML Tags = no SpamAssassin User State Dir = SpamAssassin Install Prefix = SpamAssassin Site Rules Dir = /etc/mail/spamassassin SpamAssassin Local Rules Dir = SpamAssassin Default Rules Dir = MCP Checks = no First Check = mcp MCP Required SpamAssassin Score = 1 MCP High SpamAssassin Score = 10 MCP Error Score = 1 MCP Header = X-%org-name%-MailScanner-MCPCheck: Non MCP Actions = deliver MCP Actions = deliver High Scoring MCP Actions = deliver Bounce MCP As Attachment = no MCP Modify Subject = yes MCP Subject Text = {MCP?} High Scoring MCP Modify Subject = yes High Scoring MCP Subject Text = {MCP?} Is Definitely MCP = no Is Definitely Not MCP = no Definite MCP Is High Scoring = no Always Include MCP Report = no Detailed MCP Report = yes Include Scores In MCP Report = no Log MCP = no MCP Max SpamAssassin Timeouts = 20 MCP Max SpamAssassin Size = 100000 MCP SpamAssassin Timeout = 10 MCP SpamAssassin Prefs File = %mcp-dir%/mcp.spam.assassin.prefs.conf MCP SpamAssassin User State Dir = MCP SpamAssassin Local Rules Dir = %mcp-dir% MCP SpamAssassin Default Rules Dir = %mcp-dir% MCP SpamAssassin Install Prefix = %mcp-dir% Recipient MCP Report = %report-dir%/recipient.mcp.report.txt Sender MCP Report = %report-dir%/sender.mcp.report.txt Use Default Rules With Multiple Recipients = no Spam Score Number Format = %d MailScanner Version Number = 4.50.15 SpamAssassin Cache Timings = 1800,300,10800,172800,600 Debug = no Debug SpamAssassin = no Run In Foreground = no Always Looked Up Last = no Always Looked Up Last After Batch = no Deliver In Background = yes Delivery Method = batch Split Exim Spool = yes Lockfile Dir = /tmp Custom Functions Dir = /opt/MailScanner/lib/MailScanner/CustomFunctions Lock Type = Minimum Code Status = supported -- ----------------------------------------- Mike Bacher / listacct@tulsaconnect.com TCIS - TulsaConnect Internet Services http://www.tulsaconnect.com ----------------------------------------- From rgreen at trayerproducts.com Wed Feb 15 19:20:32 2006 From: rgreen at trayerproducts.com (Rodney Green) Date: Wed Feb 15 19:20:49 2006 Subject: mail to specific account delivered without filtering Message-ID: <43F37F00.1060705@trayerproducts.com> Hello, Is there a way in MailScanner to setup an account that does not get scanned by spam protection? Thanks, Rod -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From shuttlebox at gmail.com Wed Feb 15 19:33:10 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Wed Feb 15 19:33:57 2006 Subject: mail to specific account delivered without filtering In-Reply-To: <43F37F00.1060705@trayerproducts.com> References: <43F37F00.1060705@trayerproducts.com> Message-ID: <625385e30602151133m29e2715s8d1aa6c84cfc42b7@mail.gmail.com> On 2/15/06, Rodney Green wrote: > > Hello, > > Is there a way in MailScanner to setup an account that does not get > scanned by spam protection? > Look in the rules directory for examples on how to do this. It's also in the FAQ. -- /peter -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060215/b47d4441/attachment.html From lox at birdy.nc Wed Feb 15 23:08:39 2006 From: lox at birdy.nc (Laurent Dinclaux) Date: Wed Feb 15 23:08:54 2006 Subject: Upgrade =?iso-8859-1?q?probl=E8me_with_language=2Econf?= Message-ID: <43F3B477.8010206@birdy.nc> Hello, I have just upgraded MailScanner to latest version (4.5) I have followed the instruction written after lauchning upgrade_language_conf I have tried for report/en and report/fr folders and same result for both: empty language.conf file! I have tried to force upgrade of MailScanner : rpm -Uvh --force mailscanner-4.50.15-1.noarch.rpm - but that has not created any language.conf.rpmnew files... Any idea on how I can solve my problem? Can anyone just send me its own mailscanner 4.5.15 language.conf files for 'en' and 'fr' languages? Thanks a lot Best regards -- Laurent Dinclaux lox@birdy.nc From lox at birdy.nc Wed Feb 15 23:39:12 2006 From: lox at birdy.nc (Laurent Dinclaux) Date: Wed Feb 15 23:39:26 2006 Subject: Upgrade =?iso-8859-1?q?probl=E8me_with_language=2Econf?= In-Reply-To: <43F3B477.8010206@birdy.nc> References: <43F3B477.8010206@birdy.nc> Message-ID: <43F3BBA0.4040005@birdy.nc> Laurent Dinclaux a ?crit : > I have just upgraded MailScanner to latest version (4.5) I have followed > the instruction written after lauchning upgrade_language_conf > > I have tried for report/en and report/fr folders and same result for > both: empty language.conf file! > > I have tried to force upgrade of MailScanner : > rpm -Uvh --force mailscanner-4.50.15-1.noarch.rpm - but that has not > created any language.conf.rpmnew files... > > Any idea on how I can solve my problem? Can anyone just send me its own > mailscanner 4.5.15 language.conf files for 'en' and 'fr' languages? Found it, I have delete empty language.conf files and then: #rpm -Uvh --force mailscanner-4.50.15-1.noarch.rpm And now language.conf files are back in place Best regards -- Laurent Dinclaux lox@birdy.nc From tpruitt at pruittcom.com Thu Feb 16 04:05:25 2006 From: tpruitt at pruittcom.com (Tommy Pruitt) Date: Thu Feb 16 04:07:50 2006 Subject: Unrecognised keyword "spamassassinprefsfile" Message-ID: Below is from my maillog. Is it safe to comment out the "spanassassinprefsfile" line in the config or what is recommended to fix it? Feb 15 22:02:00 clint MailScanner[3039]: MailScanner E-Mail Virus Scanner version 4.50.15 starting... Feb 15 22:02:00 clint MailScanner[3039]: Syntax error(s) in configuration file: Feb 15 22:02:00 clint MailScanner[3039]: Unrecognised keyword "spamassassinprefsfile" at line 2078 Feb 15 22:02:00 clint MailScanner[3039]: Aborting due to syntax errors in /etc/MailScanner/MailScanner.conf. Feb 15 22:02:00 clint MailScanner[3039]: Read 701 hostnames from the phishing whitelist Feb 15 22:02:00 clint MailScanner[3039]: User's home directory /var/spool/postfix is not writable Feb 15 22:02:00 clint MailScanner[3039]: You need to set the "SpamAssassin User State Dir" to a directory that the "Run As User" can write to Feb 15 22:02:01 clint MailScanner[3039]: Using SpamAssassin results cache Feb 15 22:02:01 clint MailScanner[3039]: Connected to SpamAssassin cache database Thanks, Tommy -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Jeff.Mills at versacold.com.au Thu Feb 16 04:25:25 2006 From: Jeff.Mills at versacold.com.au (Jeff Mills) Date: Thu Feb 16 04:25:30 2006 Subject: Unrecognised keyword "spamassassinprefsfile" Message-ID: <197F21E06E4D2A478519EA9078D6AA1C01B0ACB5@poclexch.AU.POCOLD.POCL> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Tommy > Pruitt > Sent: Thursday, 16 February 2006 3:05 PM > To: mailscanner@lists.mailscanner.info > Subject: Unrecognised keyword "spamassassinprefsfile" > > > Below is from my maillog. Is it safe to comment out the > "spanassassinprefsfile" line in the config or what is > recommended to fix > it? > Did you run upgrade_MailScanner_conf in your MailScanner/bin folder? *** "This company is now part of the Versacold Holdings Corp. and is no longer owned by or affiliated with the P&O Group" *** Please update your address books: Was: firstname.lastname@pocold.com.au Now: firstname.lastname@versacold.com.au ************** www.versacold.com ************** From tpruitt at pruittcom.com Thu Feb 16 04:40:09 2006 From: tpruitt at pruittcom.com (Tommy Pruitt) Date: Thu Feb 16 04:42:34 2006 Subject: Unrecognised keyword "spamassassinprefsfile" Message-ID: It won't run the upgrade_MailScanner_conf file because I don't have a .rpmnew file to reference. This is a fresh install and the default .conf file Thanks. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jeff Mills Sent: Wednesday, February 15, 2006 10:25 PM To: MailScanner discussion Subject: RE: Unrecognised keyword "spamassassinprefsfile" > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Tommy > Pruitt > Sent: Thursday, 16 February 2006 3:05 PM > To: mailscanner@lists.mailscanner.info > Subject: Unrecognised keyword "spamassassinprefsfile" > > > Below is from my maillog. Is it safe to comment out the > "spanassassinprefsfile" line in the config or what is recommended to > fix it? > Did you run upgrade_MailScanner_conf in your MailScanner/bin folder? *** "This company is now part of the Versacold Holdings Corp. and is no longer owned by or affiliated with the P&O Group" *** Please update your address books: Was: firstname.lastname@pocold.com.au Now: firstname.lastname@versacold.com.au ************** www.versacold.com ************** -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ganci at nurdog.com Thu Feb 16 04:47:42 2006 From: ganci at nurdog.com (Paul R. Ganci) Date: Thu Feb 16 04:48:26 2006 Subject: MailScanner won't notify recipients when quarantine messages/attachments Message-ID: <43F403EE.90101@nurdog.com> I recently upgraded 3 different MailScanner installations to 4.50.15. Ever since I did that recipients of messages which had attachments stripped are no longer notified that the attachment is quarantined on all 3 installations. To the best of my knowledge I am using the same MailScanner.conf that I have been using with 4.48.4 save for new config parameters. Can anyone clue me in as to what might have changed to stop the notification? I honestly don't know why recipients would not be told that there attachments had been stripped. -- Paul (ganci@nurdog.com) From linux_spartacus at yahoo.com Thu Feb 16 05:56:58 2006 From: linux_spartacus at yahoo.com (spart cus) Date: Thu Feb 16 05:57:02 2006 Subject: MailScanner won't notify recipients when quarantine messages/attachments In-Reply-To: <43F403EE.90101@nurdog.com> Message-ID: <20060216055658.85670.qmail@web35606.mail.mud.yahoo.com> check your < notify sender = yes/no > parameter "Paul R. Ganci" wrote: I recently upgraded 3 different MailScanner installations to 4.50.15. Ever since I did that recipients of messages which had attachments stripped are no longer notified that the attachment is quarantined on all 3 installations. To the best of my knowledge I am using the same MailScanner.conf that I have been using with 4.48.4 save for new config parameters. Can anyone clue me in as to what might have changed to stop the notification? I honestly don't know why recipients would not be told that there attachments had been stripped. -- Paul (ganci@nurdog.com) -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! --------------------------------- Relax. Yahoo! Mail virus scanning helps detect nasty viruses! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060215/2ffbeeb0/attachment.html From ganci at nurdog.com Thu Feb 16 06:13:15 2006 From: ganci at nurdog.com (Paul R. Ganci) Date: Thu Feb 16 06:13:55 2006 Subject: MailScanner won't notify recipients when quarantine messages/attachments In-Reply-To: <20060216055658.85670.qmail@web35606.mail.mud.yahoo.com> References: <20060216055658.85670.qmail@web35606.mail.mud.yahoo.com> Message-ID: <43F417FB.3080207@nurdog.com> spart cus wrote: > > check your < notify sender = yes/no > parameter > */"Paul R. Ganci" /* wrote: > > > I have notify sender = no. The problem is not that I want to notify the sender. I want to notify the recipient. What appears to be happening is that no Email is delivered at all to the recipient. In the logs I will see that the attachment was stripped and that it was sent to quarantine, but that does no good for the end user who might need to retrieve something. For grins I did set notify sender = yes. Then the sender did get notified appropriately. The recipient still did not receive any indication that an attachment was stripped. Very strange behavior indeed. -- Paul (ganci@nurdog.com) From glenn.steen at gmail.com Thu Feb 16 09:22:50 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Feb 16 09:22:53 2006 Subject: =?iso-8859-1?q?Re=3A_Upgrade_probl=E8me_with_language=2Econf?= In-Reply-To: <43F3BBA0.4040005@birdy.nc> References: <43F3B477.8010206@birdy.nc> <43F3BBA0.4040005@birdy.nc> Message-ID: <223f97700602160122u29a08c2bh@mail.gmail.com> On 16/02/06, Laurent Dinclaux wrote: > Laurent Dinclaux a ?crit : > > I have just upgraded MailScanner to latest version (4.5) I have followed > > the instruction written after lauchning upgrade_language_conf > > > > I have tried for report/en and report/fr folders and same result for > > both: empty language.conf file! > > > > I have tried to force upgrade of MailScanner : > > rpm -Uvh --force mailscanner-4.50.15-1.noarch.rpm - but that has not > > created any language.conf.rpmnew files... > > > > Any idea on how I can solve my problem? Can anyone just send me its own > > mailscanner 4.5.15 language.conf files for 'en' and 'fr' languages? > > Found it, I have delete empty language.conf files and then: > > #rpm -Uvh --force mailscanner-4.50.15-1.noarch.rpm > > And now language.conf files are back in place > > Best regards > > -- > Laurent Dinclaux > lox@birdy.nc > All this is due to you just cut'n'pasting the commands as suggested by the upgrade_* scripts. I've sugegsted some "safer wordings" on those commands to Julian, and hopefully he'll implement them. Next time... Check that you have a languages.conf.rpmnew _before_ running the commands. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From linux_spartacus at yahoo.com Thu Feb 16 10:23:36 2006 From: linux_spartacus at yahoo.com (spart cus) Date: Thu Feb 16 10:23:39 2006 Subject: MailScanner won't notify recipients when quarantine messages/attachments In-Reply-To: <43F417FB.3080207@nurdog.com> Message-ID: <20060216102336.99055.qmail@web35610.mail.mud.yahoo.com> "Paul R. Ganci" wrote: spart cus wrote: > > check your < notify sender = yes/no > parameter > */"Paul R. Ganci" /* wrote: > > > I have notify sender = no. The problem is not that I want to notify the sender. I want to notify the recipient. What appears to be happening is that no Email is delivered at all to the recipient. In the logs I will see that the attachment was stripped and that it was sent to quarantine, but that does no good for the end user who might need to retrieve something. For grins I did set notify sender = yes. Then the sender did get notified appropriately. The recipient still did not receive any indication that an attachment was stripped. Very strange behavior indeed. -- Paul (ganci@nurdog.com) -- what type of attachment ? so its ok set Notify sender = no since you dont want the sender specially a spammer having to receive the message. You would like to check the Reports and Responses portion --------------------------------- Relax. Yahoo! Mail virus scanning helps detect nasty viruses! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060216/7f720f40/attachment.html From Jan-Peter.Koopmann at seceidos.de Thu Feb 16 12:21:44 2006 From: Jan-Peter.Koopmann at seceidos.de (Koopmann, Jan-Peter) Date: Thu Feb 16 12:21:57 2006 Subject: More 4.50.15 woes on FreeBSD - Update Message-ID: On Wednesday, February 15, 2006 7:19 PM TCIS List Acct wrote: > JP, > > I installed everything with ports this morning, including > SpamAssassin: >From your config file I can see that you probably still do not use the MailScanner port itself though. Is this a completly clean machine? I still somehow feel you have some leftovers of non-port p5-modules or something similar. Sorry I cannot be of further assistance. Maybe you will have to debug this with Julian. Kind regards, JP From glenn.steen at gmail.com Thu Feb 16 12:39:48 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Feb 16 12:39:54 2006 Subject: MailScanner won't notify recipients when quarantine messages/attachments In-Reply-To: <43F417FB.3080207@nurdog.com> References: <20060216055658.85670.qmail@web35606.mail.mud.yahoo.com> <43F417FB.3080207@nurdog.com> Message-ID: <223f97700602160439g58ffa0b8p@mail.gmail.com> On 16/02/06, Paul R. Ganci wrote: > spart cus wrote: > > > > > check your < notify sender = yes/no > parameter > > */"Paul R. Ganci" /* wrote: > > > > > > > I have notify sender = no. The problem is not that I want to notify the > sender. I want to notify the recipient. What appears to be happening is > that no Email is delivered at all to the recipient. In the logs I will > see that the attachment was stripped and that it was sent to quarantine, > but that does no good for the end user who might need to retrieve something. What do you have "Still Deliver Silent Viruses" set to? "Silent Viruses"? That combination of settings is what handles delivery of "cleaned" messages (as opposed to settings regarding "disinfection"...). > For grins I did set notify sender = yes. Then the sender did get > notified appropriately. The recipient still did not receive any > indication that an attachment was stripped. Very strange behavior indeed. I'm not grinning. Don't do that. Or ask yourself "Do I want to be part of the problem";-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From gmatt at nerc.ac.uk Thu Feb 16 13:35:24 2006 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Thu Feb 16 13:35:32 2006 Subject: x86_64 mail servers In-Reply-To: <43F207C7.2070105@rogers.com> References: <1139921866.3131.15.camel@lea.nerc-wallingford.ac.uk> <43F207C7.2070105@rogers.com> Message-ID: <1140096924.16032.7.camel@lea.nerc-wallingford.ac.uk> On Tue, 2006-02-14 at 11:39 -0500, Mike Jakubik wrote: > Greg Matthews wrote: > > I've installed on a SMP Opteron box and the only stumbling block is that > > Sophos AV is 32 bit only so you cant use the Sophos::SAVI libraries to > > interface to it. Instead, you call sophos directly. > > > > Did you know that you can run 64 bit and 32 bit binaries on an AMD64 > cpu? Just enable your OS to do so. yes I realise that, but I've installed the 64 bit OS so the perl binary is 64 bit which makes integrating the SAVI module and the sophos AV stuff difficult. Presumably, I could install a 32 bit perl and run the whole MS stuff on that instead of the 64 bit perl. For the time being I'm happy to use the Sophos 32 bit binary directly for the time being. And I wont be upgrading my production hardware to 64 bit for another 12 months or so, by which time sophos may have got their act together wrt to 64 bit binaries. G > -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford -- This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. From listacct at tulsaconnect.com Thu Feb 16 13:39:47 2006 From: listacct at tulsaconnect.com (TCIS List Acct) Date: Thu Feb 16 13:39:51 2006 Subject: More 4.50.15 woes on FreeBSD - Update In-Reply-To: References: Message-ID: <43F480A3.6090103@tulsaconnect.com> Koopmann, Jan-Peter wrote: >>From your config file I can see that you probably still do not use the MailScanner port itself though. Correct. > Is this a completly clean machine? I still somehow feel you have some leftovers of non-port p5-modules or something similar. Sorry I cannot be of further assistance. Maybe you will have to debug this with Julian. I removed Perl, all ports, etc before I started the process, so in effect it is a "clean" box. I'll keep experimenting though. On your setup, how much mail does your box process per day, and what is the hardware specs on the box? What is the avg load? The problem essentially seems to be memory exhaustion, as 4.50.x seems to use far more memory than previous versions, and doesn't "clean up" as well. -- ----------------------------------------- Mike Bacher / listacct@tulsaconnect.com TCIS - TulsaConnect Internet Services http://www.tulsaconnect.com ----------------------------------------- From amoore at dekalbmemorial.com Thu Feb 16 14:16:56 2006 From: amoore at dekalbmemorial.com (Aaron K. Moore) Date: Thu Feb 16 14:16:18 2006 Subject: Convert HTML Question Message-ID: <60D398EB2DB948409CA1F50D8AF12257DB1BE9@exch1.dekalbmemorial.local> Greg, You need to set Non Spam Actions in your MailScanner.conf to be a rule set with rules like the following. To: pager@pagingservice.com striphtml deliver FromOrTo: default deliver Check the documentation for more information on using rule sets. Greg Rowe wrote: > Greetings, > I have an existing MailScanner installation running as a gateway for > multiple domains into backend mail servers. Current version is > 4.45.4, but planning to upgrade to 4.50.15 this weekend. One new > domain that the MailScanner systems accepts mail for gets relayed to > a vendor paging service after processing. The paging service can only > accept pure text messages and rejects any message containing MIME or > HTML. Unfortunately a large number of the people sending to this > domain are on OutLook and use HTML by default. The paging service > also returns a meaningless error message to the sender if it > encounters HTML or MIME tags. > > Using the Convert HTML To Text rule in MailScanner works great for > messages destined to that domain to strip the HTML, but the MIME tags > are still contained in the message, and message body text is repeated: > > Any ideas as far as a best solution to stripping out all the MIME and > HTML and being left with just the message body text ? > > Thanks, > Greg -- Aaron Kent Moore Information Technology Services DeKalb Memorial Hospital, Inc. Auburn, IN E-mail: amoore@dekalbmemorial.com From greg at rowes.org Thu Feb 16 15:19:37 2006 From: greg at rowes.org (Greg Rowe) Date: Thu Feb 16 15:08:47 2006 Subject: Convert HTML Question In-Reply-To: <60D398EB2DB948409CA1F50D8AF12257DB1BE9@exch1.dekalbmemorial.local> Message-ID: Hi Aaron, Does this rule differ than having a rule in the MailScanner.conf that looks like this: Convert HTML To Text = %rules-dir%/strip.html.rules And the contents of "strip.html.rules": To: *@pagingservice.com yes FromOrTo: default no ?? The above rule is working and the message is being delivered properly, but still contains the following in the message body after the HTML is stripped: > This is a multi-part message in MIME format. > ------_=_NextPart_001_01C63248.6B567FBD > Content-Type: text/plain; > charset="US-ASCII" > Content-Transfer-Encoding: quoted-printable > > This is a test page > > ------_=_NextPart_001_01C63248.6B567FBD > Content-type: text/plain; charset="US-ASCII" > Content-Transfer-Encoding: quoted-printable > > This is a test page > > ------_=_NextPart_001_01C63248.6B567FBD-- The Paging service, right or wrong, is doing some check to determine if the message contains HTML or MIME and is rejecting the message based on still finding these MIME statements. If the Paging service returned some informative message to the user that pointed them towards the HTML problem, I wouldn't be as concerned. Unfortunately, all it returns is a Remote protocol Error. Since I'm already using MailScanner to remove the HTML, I was wondering if I could also remove the MIME and Content lines too ? Thanks, Greg On 2/16/06 9:16 AM, "Aaron K. Moore" wrote: > Greg, > > You need to set Non Spam Actions in your MailScanner.conf to be a rule > set with rules like the following. > > To: pager@pagingservice.com striphtml deliver > FromOrTo: default deliver > > Check the documentation for more information on using rule sets. > > Greg Rowe wrote: >> Greetings, >> I have an existing MailScanner installation running as a gateway for >> multiple domains into backend mail servers. Current version is >> 4.45.4, but planning to upgrade to 4.50.15 this weekend. One new >> domain that the MailScanner systems accepts mail for gets relayed to >> a vendor paging service after processing. The paging service can only >> accept pure text messages and rejects any message containing MIME or >> HTML. Unfortunately a large number of the people sending to this >> domain are on OutLook and use HTML by default. The paging service >> also returns a meaningless error message to the sender if it >> encounters HTML or MIME tags. >> >> Using the Convert HTML To Text rule in MailScanner works great for >> messages destined to that domain to strip the HTML, but the MIME tags >> are still contained in the message, and message body text is repeated: >> >> Any ideas as far as a best solution to stripping out all the MIME and >> HTML and being left with just the message body text ? >> >> Thanks, >> Greg From rgreen at trayerproducts.com Thu Feb 16 15:23:59 2006 From: rgreen at trayerproducts.com (Rodney Green) Date: Thu Feb 16 15:25:04 2006 Subject: spam actions - forwarded mail bounces Message-ID: <43F4990F.3040408@trayerproducts.com> Hello, I have spam actions rules setup to forward mail to an account so I can review the mail for false positives. When I specify the account as user@domain.com the server bounces the mail to the original sender. When I specify the full hostname in the address, e.g. user@mail2.domain.com, the mail is delivered to the spam review box without problems. It's easy enough to specify the full hostname when setting up rules. I'm just curious as to why this is happening. Anyone care to enlighten me? Thanks, Rod -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From jimcsoka at dominionfirstmortgage.com Thu Feb 16 15:45:18 2006 From: jimcsoka at dominionfirstmortgage.com (James Csoka) Date: Thu Feb 16 15:27:10 2006 Subject: Blocking an individual email address Message-ID: <015801c6330f$fc9f4460$2e07a8c0@domfirst.local> I'm reposting this here to see if maybe anyone here knows of some reason that Mailscanner would or would not be causing the issue that I seem to be having. I posted this in freebsd-questions, but I'm not having much luck figuring out what is happening. Any help would be greatly appreciated. I have a mail server (it also functions as a firewall) running freebsd5.4, with mailscanner, openwebmail, and sendmail. I wish to block an individual email address, but I do not want to mark it as spam. My first solution was to add the blacklist feature to the sendmail.mc file, and recreate the .cf file, which I did. I then added the line To:user@example.com REJECT to the /etc/mail/access file, and ran make maps. I also had added the line user@example.com REJECT. This then blocked that address from sending email to people on my internal network. When I tested it from outside my network I used openwebmail as a web interface to send email to that address, and it failed. Which was what I wanted. However, from inside my network, using Outlook, you can send email to that address without a problem. It seems as if the access.db is doing it's job. When using openwebmail, the smtp server rejects any attempt to send mail to that address. however, locally, it does not. When i'm sitting in front of my windows client, I can use Outlook and send email to that address without a problem. Does anyone know why via a web interface, the access file rules would apply, yet they would be ignored when sending mail from inside the network using Outlook to send external email? -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060216/4f4c5b73/attachment.html From rgreen at trayerproducts.com Thu Feb 16 15:37:30 2006 From: rgreen at trayerproducts.com (Rodney Green) Date: Thu Feb 16 15:37:42 2006 Subject: spam actions - forwarded mail bounces In-Reply-To: <43F4990F.3040408@trayerproducts.com> References: <43F4990F.3040408@trayerproducts.com> Message-ID: <43F49C3A.9070904@trayerproducts.com> Rodney Green wrote: > Hello, > > I have spam actions rules setup to forward mail to an account so I can > review the mail for false positives. When I specify the account as > user@domain.com the server bounces the mail to the original sender. > When I specify the full hostname in the address, e.g. > user@mail2.domain.com, the mail is delivered to the spam review box > without problems. It's easy enough to specify the full hostname when > setting up rules. I'm just curious as to why this is happening. Anyone > care to enlighten me? > > Thanks, > Rod > > Replying to my own post. Just had a question that's sort of related. Can you use a delete and forward action on the same line? Example: To: default delete forward spambucket@mail4.domain.com -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From DCurtis at sbschools.net Thu Feb 16 15:40:43 2006 From: DCurtis at sbschools.net (David Curtis) Date: Thu Feb 16 15:41:04 2006 Subject: Unrecognised keyword "spamassassinprefsfile" Message-ID: I assume this is for me and I have never had problems running the upgrade_MailScanner_conf from the /etc/MailScanner folder but yes I have run it from the bin (/usr/lib/MailScanner/utils/bin) folder and still have the lint problem. Thanks >>> Jeff.Mills@versacold.com.au 2/15/2006 11:25:25 PM >>> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Tommy > Pruitt > Sent: Thursday, 16 February 2006 3:05 PM > To: mailscanner@lists.mailscanner.info > Subject: Unrecognised keyword "spamassassinprefsfile" > > > Below is from my maillog. Is it safe to comment out the > "spanassassinprefsfile" line in the config or what is > recommended to fix > it? > Did you run upgrade_MailScanner_conf in your MailScanner/bin folder? *** "This company is now part of the Versacold Holdings Corp. and is no longer owned by or affiliated with the P&O Group" *** Please update your address books: Was: firstname.lastname@pocold.com.au Now: firstname.lastname@versacold.com.au ************** www.versacold.com ************** -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! ______________________________________________________________ ______________________________________________________________ This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060216/43841a54/attachment.html From glenn.steen at gmail.com Thu Feb 16 15:41:32 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Feb 16 15:41:36 2006 Subject: Convert HTML Question In-Reply-To: References: <60D398EB2DB948409CA1F50D8AF12257DB1BE9@exch1.dekalbmemorial.local> Message-ID: <223f97700602160741v3bab9073r@mail.gmail.com> On 16/02/06, Greg Rowe wrote: > Hi Aaron, > Does this rule differ than having a rule in the MailScanner.conf that looks > like this: > > Convert HTML To Text = %rules-dir%/strip.html.rules > > And the contents of "strip.html.rules": > > To: *@pagingservice.com yes > FromOrTo: default no > > ?? > > The above rule is working and the message is being delivered properly, but > still contains the following in the message body after the HTML is stripped: > > > This is a multi-part message in MIME format. > > ------_=_NextPart_001_01C63248.6B567FBD > > Content-Type: text/plain; > > charset="US-ASCII" > > Content-Transfer-Encoding: quoted-printable > > > > This is a test page > > > > ------_=_NextPart_001_01C63248.6B567FBD > > Content-type: text/plain; charset="US-ASCII" > > Content-Transfer-Encoding: quoted-printable > > > > This is a test page > > > > ------_=_NextPart_001_01C63248.6B567FBD-- > > The Paging service, right or wrong, is doing some check to determine if the > message contains HTML or MIME and is rejecting the message based on still > finding these MIME statements. If the Paging service returned some > informative message to the user that pointed them towards the HTML problem, > I wouldn't be as concerned. Unfortunately, all it returns is a Remote > protocol Error. Since I'm already using MailScanner to remove the HTML, I > was wondering if I could also remove the MIME and Content lines too ? > > Thanks, > Greg That the message contains both a HTML and a text portion is due to .... the MUA. From your example, MS does it's job and converts the HTML to text... But how would it know that that text is exactly the same as text portion of the original text attachment? I'd imagine one could solve this (custom function perhaps), but it's not as trivial as it might seem. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Thu Feb 16 15:57:23 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Feb 16 15:57:28 2006 Subject: spam actions - forwarded mail bounces In-Reply-To: <43F49C3A.9070904@trayerproducts.com> References: <43F4990F.3040408@trayerproducts.com> <43F49C3A.9070904@trayerproducts.com> Message-ID: <223f97700602160757x3b5b8095k@mail.gmail.com> On 16/02/06, Rodney Green wrote: > > > Rodney Green wrote: > > Hello, > > > > I have spam actions rules setup to forward mail to an account so I can > > review the mail for false positives. When I specify the account as > > user@domain.com the server bounces the mail to the original sender. > > When I specify the full hostname in the address, e.g. > > user@mail2.domain.com, the mail is delivered to the spam review box > > without problems. It's easy enough to specify the full hostname when > > setting up rules. I'm just curious as to why this is happening. Anyone > > care to enlighten me? If this is Postfix as MTA and the domain is a virtual domain, this is expected, since the expansion of the virtual address -> real address is done prior to the incoming queue... where MailScanner will drop it in. There's no real fix for this other than using the real address in the rules in MailScanner.conf. > > Thanks, > > Rod > > > > > > Replying to my own post. Just had a question that's sort of related. Can > you use a delete and forward action on the same line? > > Example: To: default delete forward spambucket@mail4.domain.com > Yes, AFAICS. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From rgreen at trayerproducts.com Thu Feb 16 16:05:00 2006 From: rgreen at trayerproducts.com (Rodney Green) Date: Thu Feb 16 16:05:13 2006 Subject: spam actions - forwarded mail bounces In-Reply-To: <223f97700602160757x3b5b8095k@mail.gmail.com> References: <43F4990F.3040408@trayerproducts.com> <43F49C3A.9070904@trayerproducts.com> <223f97700602160757x3b5b8095k@mail.gmail.com> Message-ID: <43F4A2AC.6040606@trayerproducts.com> An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060216/2c93f630/attachment.html From Jan-Peter.Koopmann at seceidos.de Thu Feb 16 18:31:08 2006 From: Jan-Peter.Koopmann at seceidos.de (Koopmann, Jan-Peter) Date: Thu Feb 16 18:31:20 2006 Subject: More 4.50.15 woes on FreeBSD - Update Message-ID: On Thursday, February 16, 2006 2:40 PM TCIS List Acct wrote: > effect it is a "clean" box. I'll keep experimenting though. On your > setup, how much mail does your box process per day, and what is the My own box is pretty small. Just a few thousand mails per day. Customer sites go up to a few ten-thousand mails per day. > hardware specs on the box? What is the avg load? Avg load is close to zero. :-) > The problem > essentially seems to be memory exhaustion, as 4.50.x seems to use far > more memory than previous versions, and doesn't "clean up" as well. Might be. Maybe there is a leak somewhere. The only thing which still puzzles me is that I had similar problems on my box (even with the low load) going to 4.49 and upgrading the ports helped immediatly. In my case MailScanner was working for a few minutes and then suddenly came to a stop and crashed somehow. I never really debugged this to be honest, just upgraded everything and once things started working again I was satisfied. Sorry I cannot be of greater help. Ask Julian! Kind regards, JP -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3104 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060216/1154df64/smime.bin From mailscanner at PDSCC.COM Thu Feb 16 20:20:49 2006 From: mailscanner at PDSCC.COM (Harondel J. Sibble) Date: Thu Feb 16 20:20:58 2006 Subject: supress but keep headers Message-ID: <200602200746.XAA03910@sheridan.sibble.net> I know I had this problem before and I thought I posted about it, but can't find it in my local archives or the list archives at gmane Emails coming into the network have the following showing X-Company Name Ltd.-MailScanner-Information: Please contact the ISP for more information X-Company Name Ltd.-MailScanner: Found to be clean X-Company Name Ltd.-MailScanner-SpamCheck: not spam, SpamAssassin (score=0, required 6, autolearn=not spam) X-Company Name Ltd.-MailScanner-From: help@pdscc.com up in the message body, this is using outlook 2000 and Samsung contact. I'd like to see those headers be hidden, but still accessible by viewing the options, how do I do that. This is on mailscanner-4.49.7-1 btw. -- Harondel J. Sibble Sibble Computer Consulting Creating solutions for the small business and home computer user. help@pdscc.com (use pgp keyid 0x3AD5C11D) http://www.pdscc.com (604) 739-3709 (voice/fax) (604) 686-2253 (pager) From dwinkler at algorithmics.com Thu Feb 16 20:34:14 2006 From: dwinkler at algorithmics.com (Derek Winkler) Date: Thu Feb 16 20:32:36 2006 Subject: supress but keep headers Message-ID: <570A16F7DB56C242B26876067D682FD002308D1B@TORMAIL.algorithmics.com> Look just above where you set this in MailScanner.conf -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Harondel J. Sibble Sent: Thursday, February 16, 2006 3:21 PM To: mailScanner discussion Subject: supress but keep headers I know I had this problem before and I thought I posted about it, but can't find it in my local archives or the list archives at gmane Emails coming into the network have the following showing X-Company Name Ltd.-MailScanner-Information: Please contact the ISP for more information X-Company Name Ltd.-MailScanner: Found to be clean X-Company Name Ltd.-MailScanner-SpamCheck: not spam, SpamAssassin (score=0, required 6, autolearn=not spam) X-Company Name Ltd.-MailScanner-From: help@pdscc.com up in the message body, this is using outlook 2000 and Samsung contact. I'd like to see those headers be hidden, but still accessible by viewing the options, how do I do that. This is on mailscanner-4.49.7-1 btw. This email and any files transmitted with it are confidential and proprietary to Algorithmics Incorporated and its affiliates ("Algorithmics"). If received in error, use is prohibited. Please destroy, and notify sender. Sender does not waive confidentiality or privilege. Internet communications cannot be guaranteed to be timely, secure, error or virus-free. Algorithmics does not accept liability for any errors or omissions. Any commitment intended to bind Algorithmics must be reduced to writing and signed by an authorized signatory. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060216/2bd34d8b/attachment.html From glenn.steen at gmail.com Thu Feb 16 20:47:11 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Feb 16 20:47:15 2006 Subject: supress but keep headers In-Reply-To: <200602200746.XAA03910@sheridan.sibble.net> References: <200602200746.XAA03910@sheridan.sibble.net> Message-ID: <223f97700602161247h4e4f1539o@mail.gmail.com> On 16/02/06, Harondel J. Sibble wrote: > I know I had this problem before and I thought I posted about it, but can't > find it in my local archives or the list archives at gmane > > Emails coming into the network have the following showing > > X-Company Name Ltd.-MailScanner-Information: Please contact the ISP for more > information > X-Company Name Ltd.-MailScanner: Found to be clean > X-Company Name Ltd.-MailScanner-SpamCheck: not spam, SpamAssassin (score=0, > required 6, autolearn=not spam) > X-Company Name Ltd.-MailScanner-From: help@pdscc.com > > up in the message body, this is using outlook 2000 and Samsung contact. I'd > like to see those headers be hidden, but still accessible by viewing the > options, how do I do that. > > This is on mailscanner-4.49.7-1 btw. As I'm sure you know, all that differentiates body from headers is a singel bland line (). Something is likely inserting a spurious line into the headers, thus making some be part of the body.' If the "Company Name Ltd." is one you insert (note that spaces aren't allowed in that string...), something in your MailScanner setup is responsible for this. If so, just fix your setup:-):-) If the string isn't "yours", there isn't much to do, IMO... Apart from telling the admin that does own it to fix his/her setup. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From Jeff.Mills at versacold.com.au Thu Feb 16 21:15:41 2006 From: Jeff.Mills at versacold.com.au (Jeff Mills) Date: Thu Feb 16 21:15:48 2006 Subject: Unrecognised keyword "spamassassinprefsfile" Message-ID: <197F21E06E4D2A478519EA9078D6AA1C01B0ACB6@poclexch.AU.POCOLD.POCL> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Tommy > Pruitt > Sent: Thursday, 16 February 2006 3:40 PM > To: MailScanner discussion > Subject: RE: Unrecognised keyword "spamassassinprefsfile" > > > It won't run the upgrade_MailScanner_conf file because I don't have a > .rpmnew file to reference. This is a fresh install and the default > .conf file > > Thanks. > Apparently that directive is no longer used in MailScanner, so it is safe to comment it out. *** "This company is now part of the Versacold Holdings Corp. and is no longer owned by or affiliated with the P&O Group" *** Please update your address books: Was: firstname.lastname@pocold.com.au Now: firstname.lastname@versacold.com.au ************** www.versacold.com ************** From mailscanner at PDSCC.COM Thu Feb 16 22:12:34 2006 From: mailscanner at PDSCC.COM (Harondel J. Sibble) Date: Thu Feb 16 22:13:10 2006 Subject: supress but keep headers In-Reply-To: <570A16F7DB56C242B26876067D682FD002308D1B@TORMAIL.algorithmics.com> Message-ID: <200602200937.BAA04588@sheridan.sibble.net> Yes, I can enable or disable it, I want to stop it from showing up in the body of the email and to have it show up on the headers themselves. I am beginning to wonder if this may be an issue with Samsung Contact (SC). Yup looks like a SC issue, the same email to an identically configured mailscanner box with an exchange server doesn't exhibit thus issue. Once I commented out Mail Header = X-%org-name%-MailScanner: Spam Score Header = X-%org-name%-MailScanner-SpamScore: Information Header = X-%org-name%-MailScanner-Information: and changed Add Envelope From Header = no from yes to no, it's all good. Anyone running SC and know what causes this behaviour in relation to MS? SC version is 8.05 IIRC. On 16 Feb 2006 at 15:34, Derek Winkler wrote: > Look just above where you set this in MailScanner.conf > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Harondel J. > Sibble > Sent: Thursday, February 16, 2006 3:21 PM > To: mailScanner discussion > Subject: supress but keep headers > > I know I had this problem before and I thought I posted about it, but can't > find it in my local archives or the list archives at gmane > > Emails coming into the network have the following showing > > X-Company Name Ltd.-MailScanner-Information: Please contact the ISP for more > > information > X-Company Name Ltd.-MailScanner: Found to be clean > X-Company Name Ltd.-MailScanner-SpamCheck: not spam, SpamAssassin (score=0, > required 6, autolearn=not spam) > X-Company Name Ltd.-MailScanner-From: help@pdscc.com > > up in the message body, this is using outlook 2000 and Samsung contact. I'd > > like to see those headers be hidden, but still accessible by viewing the > options, how do I do that. > > This is on mailscanner-4.49.7-1 btw. > > This email and any files transmitted with it are confidential and > proprietary to Algorithmics Incorporated and its affiliates > ("Algorithmics"). If received in error, use is prohibited. Please destroy, > and notify sender. Sender does not waive confidentiality or privilege. > Internet communications cannot be guaranteed to be timely, secure, error or > virus-free. Algorithmics does not accept liability for any errors or > omissions. Any commitment intended to bind Algorithmics must be reduced to > writing and signed by an authorized signatory. > -- Harondel J. Sibble Sibble Computer Consulting Creating solutions for the small business and home computer user. help@pdscc.com (use pgp keyid 0x3AD5C11D) http://www.pdscc.com (604) 739-3709 (voice/fax) (604) 686-2253 (pager) From mailscanner at PDSCC.COM Thu Feb 16 22:30:05 2006 From: mailscanner at PDSCC.COM (Harondel J. Sibble) Date: Thu Feb 16 22:30:12 2006 Subject: supress but keep headers In-Reply-To: <223f97700602161247h4e4f1539o@mail.gmail.com> References: <200602200746.XAA03910@sheridan.sibble.net> Message-ID: <200602200955.BAA04713@sheridan.sibble.net> On 16 Feb 2006 at 21:47, Glenn Steen wrote: > If the "Company Name Ltd." is one you insert (note that spaces aren't > allowed in that string...), something in your MailScanner setup is > responsible for this. If so, just fix your setup:-):-) , DOH! Thanks, there were spaces. My bad :-| -- Harondel J. Sibble Sibble Computer Consulting Creating solutions for the small business and home computer user. help@pdscc.com (use pgp keyid 0x3AD5C11D) http://www.pdscc.com (604) 739-3709 (voice/fax) (604) 686-2253 (pager) From taz at taz-mania.com Thu Feb 16 23:15:18 2006 From: taz at taz-mania.com (Dennis Willson) Date: Thu Feb 16 23:15:28 2006 Subject: Blocking an individual email address In-Reply-To: <015801c6330f$fc9f4460$2e07a8c0@domfirst.local> References: <015801c6330f$fc9f4460$2e07a8c0@domfirst.local> Message-ID: <43F50786.30704@taz-mania.com> without a little more information I cannot tell for sure, but it sounds like the client that's running Outlook is on an IP address block that's allowed to relay and there's something about how openwebmail sends its mail that doesn't appear to be in the client address block. Possibly openwebmail is doing a local invocation of Sendmail to send instead of using a socket so it doesn't appear to have an address to be allowed. Just a thought... James Csoka wrote: > I'm reposting this here to see if maybe anyone here knows of some reason > that Mailscanner would or would not be causing the issue that I seem to > be having. I posted this in freebsd-questions, but I'm not having much > luck figuring out what is happening. Any help would be greatly appreciated. > > > I have a mail server (it also functions as a firewall) running freebsd5.4, > with mailscanner, openwebmail, and sendmail. I wish to block an individual > email address, but I do not want to mark it as spam. My first solution was > to add the blacklist feature to the sendmail.mc file, and recreate the .cf > file, which I did. I then added the line To:user@example.com REJECT to the > /etc/mail/access file, and ran make maps. I also had added the line > user@example.com REJECT. > > This then blocked that address from sending email to people on my internal > network. When I tested it from outside my network I used openwebmail as a > web interface to send email to that address, and it failed. Which was what > I wanted. However, from inside my network, using Outlook, you can send > email to that address without a problem. > > It seems as if the access.db is doing it's job. When using openwebmail, the > smtp server rejects any attempt to send mail to that address. however, > locally, it does not. When i'm sitting in front of my windows client, I can > use Outlook and send email to that address without a problem. > > Does anyone know why via a web interface, the access file rules would apply, > yet they would be ignored when sending mail from inside the network using > Outlook to send external email? > From brent.addis at pronet.co.nz Thu Feb 16 23:47:30 2006 From: brent.addis at pronet.co.nz (Brent Addis) Date: Thu Feb 16 23:47:50 2006 Subject: exim4 / mailscanner 4.50.15 spool issues In-Reply-To: <43F2A61C.5080109@pronet.co.nz> References: <43F2A61C.5080109@pronet.co.nz> Message-ID: <43F50F12.4050202@pronet.co.nz> Hello, I downgraded to 4.48.4 and the issue seems to have sorted itself. Are there any known issues with 4.50 that could cause these spool errors? Brent Addis wrote: > Hi, > > I seem to be getting a few spool issues with exim4 / mailscanner. > > We are currently only running a fairly small setup, processing roughly > 1500 messages a day. > > however, we get ocassional error such as: > > 2006-02-15 09:08:09 1F96Sn-0003Ot-8X Spool file 1F96Sn-0003Ot-8X-D not > found in our exim mainlog. > > I have exim using differing incoming/outgoing directories. > > It seems sort of random. Out of 1500 messages processes, it has > happened with 6. All at varying times, all from varying senders. > > None are spam nor viruses. > > MailScanner version 4.50.15 & Exim 4.50 > > > a MailScanner --lint finds no issues. > > Does anyone have any ideas? > > MailScanner -v below : > > Running on > Linux PROHOST113 2.6.14.3 #1 SMP Wed Dec 14 09:25:32 NZDT 2005 i686 > GNU/Linux > This is Perl version 5.008007 (5.8.7) > > This is MailScanner version 4.50.15 > Module versions are: > 1.00 AnyDBM_File > 1.14 Archive::Zip > 1.04 Carp > 1.119 Convert::BinHex > 1.00 DirHandle > 1.05 Fcntl > 2.73 File::Basename > 2.08 File::Copy > 2.01 FileHandle > 1.07 File::Path > 0.16 File::Temp > 1.32 HTML::Entities > 3.48 HTML::Parser > 2.35 HTML::TokeParser > 1.21 IO > 1.11 IO::File > 1.123 IO::Pipe > 1.71 Mail::Header > 3.05 MIME::Base64 > 5.419 MIME::Decoder > 5.419 MIME::Decoder::UU > 5.419 MIME::Head > 5.419 MIME::Parser > 3.03 MIME::QuotedPrint > 5.419 MIME::Tools > 0.10 Net::CIDR > 1.08 POSIX > 1.77 Socket > 0.06 Sys::Syslog > 1.86 Time::HiRes > 1.02 Time::localtime > > Optional module versions are: > 0.17 Convert::TNEF > 1.811 DB_File > 1.11 DBD::SQLite > 1.50 DBI > 1.10 Digest > 1.01 Digest::HMAC > 2.33 Digest::MD5 > 2.10 Digest::SHA1 > 0.44 Inline > missing Mail::ClamAV > 3.000003 Mail::SpamAssassin > 1.997 Mail::SPF::Query > 0.15 Net::CIDR::Lite > 0.48 Net::DNS > missing Net::LDAP > 1.94 Parse::RecDescent > missing SAVI > 1.2 Sys::Hostname::Long > 2.48 Test::Harness > 0.54 Test::Simple > 1.95 Text::Balanced > 1.35 URI > From KShortt at ussco.com Fri Feb 17 04:32:32 2006 From: KShortt at ussco.com (Shortt, Kevin) Date: Fri Feb 17 04:32:45 2006 Subject: Dynamic archive file Message-ID: <122DFF9D468A2F4DAC3405E57A39DF78018E267A@Fsc-Mail-2.na.ds.ussco.com> There were no takers on this one. I'll restate to see if I can get some ideas... Is there a way to set the archive destination in a rules file with environment variables? Or call a function inside a rules file to set the variables? I want these variables to change every hour so that I can have the filenames be CCYY-MM-DD-HH. Any help is greatly appreciated. -k From ganci at nurdog.com Fri Feb 17 04:52:17 2006 From: ganci at nurdog.com (Paul R. Ganci) Date: Fri Feb 17 04:53:11 2006 Subject: MailScanner won't notify recipients when quarantine messages/attachments In-Reply-To: <223f97700602160439g58ffa0b8p@mail.gmail.com> References: <20060216055658.85670.qmail@web35606.mail.mud.yahoo.com> <43F417FB.3080207@nurdog.com> <223f97700602160439g58ffa0b8p@mail.gmail.com> Message-ID: <43F55681.6090800@nurdog.com> Glenn Steen wrote: >On 16/02/06, Paul R. Ganci wrote: > > > >What do you have "Still Deliver Silent Viruses" set to? "Silent >Viruses"? That combination of settings is what handles delivery of >"cleaned" messages (as opposed to settings regarding >"disinfection"...). > > Silent Viruses = HTML-IFrame All-Viruses Still Deliver Silent Viruses = no It has been like this for quite a while, so I don't appreciate why this should have caused a change of behavior >I'm not grinning. Don't do that. Or ask yourself "Do I want to be part >of the problem";-). > > I know that is why it was set to no. I tried an experiment. -- Paul (ganci@nurdog.com) From ganci at nurdog.com Fri Feb 17 04:55:17 2006 From: ganci at nurdog.com (Paul R. Ganci) Date: Fri Feb 17 04:55:49 2006 Subject: MailScanner won't notify recipients when quarantine messages/attachments In-Reply-To: <20060216102336.99055.qmail@web35610.mail.mud.yahoo.com> References: <20060216102336.99055.qmail@web35610.mail.mud.yahoo.com> Message-ID: <43F55735.1010204@nurdog.com> spart cus wrote: > -- > what type of attachment ? so its ok set Notify sender = no since you > dont want the sender specially a spammer having to receive the > message. You would like to check the Reports and Responses portion Pretty much anything with a banned attachment such as .exe. The .exe will end up in quarantine but no message is actually delivered to the recipient to let them know that a .exe was stripped from their Email. Therefore they have no inkling that a message even sent to them let alone that it was doctored. -- Paul (ganci@nurdog.com) From mikej at rogers.com Fri Feb 17 07:53:08 2006 From: mikej at rogers.com (Mike Jakubik) Date: Fri Feb 17 07:52:54 2006 Subject: Threaded or non-threaded perl for mailscanner? Message-ID: <43F580E4.4070707@rogers.com> Does MailScanner support threading when perl is compiled with thread suppport? From shuttlebox at gmail.com Fri Feb 17 09:14:26 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Fri Feb 17 09:14:30 2006 Subject: Dynamic archive file In-Reply-To: <122DFF9D468A2F4DAC3405E57A39DF78018E267A@Fsc-Mail-2.na.ds.ussco.com> References: <122DFF9D468A2F4DAC3405E57A39DF78018E267A@Fsc-Mail-2.na.ds.ussco.com> Message-ID: <625385e30602170114y4bc67256u87deda412aeadd71@mail.gmail.com> On 2/17/06, Shortt, Kevin wrote: > > > There were no takers on this one. I'll restate to see if I can get some > ideas... > > Is there a way to set the archive destination in a rules file with > environment variables? > Or call a function inside a rules file to set the variables? > I want these variables to change every hour so that I can have the > filenames > be CCYY-MM-DD-HH. > > Any help is greatly appreciated. > Have you tried? I know you can use environment variables in MailScanner.confbut I'm not sure when it comes to rulesets. Anyway I think MailScanner reads the config and rulesets only every 4 hours (default time for children restart) so it wouldn't change every hour like you want it to. I would have done it outside MS with a cron job. -- /peter -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060217/5f1da4f4/attachment-0001.html From glenn.steen at gmail.com Fri Feb 17 11:55:24 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Feb 17 11:55:27 2006 Subject: Dynamic archive file In-Reply-To: <122DFF9D468A2F4DAC3405E57A39DF78018E267A@Fsc-Mail-2.na.ds.ussco.com> References: <122DFF9D468A2F4DAC3405E57A39DF78018E267A@Fsc-Mail-2.na.ds.ussco.com> Message-ID: <223f97700602170355j54135f1aj@mail.gmail.com> On 17/02/06, Shortt, Kevin wrote: > > There were no takers on this one. I'll restate to see if I can get some > ideas... > > Is there a way to set the archive destination in a rules file with > environment variables? > Or call a function inside a rules file to set the variables? > I want these variables to change every hour so that I can have the filenames > be CCYY-MM-DD-HH. > > Any help is greatly appreciated. > > -k Jules should be back pretty soon (After the weekend?), and might perhaps be persuaded to implement an _HOUR_ tag that functions similarily to the current _DATE_ thing;). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From mdailey at marlboro.edu Fri Feb 17 13:13:14 2006 From: mdailey at marlboro.edu (Matthew L. Dailey) Date: Fri Feb 17 13:13:20 2006 Subject: Filetype false positive? Message-ID: <63EBAE11-F8C3-4093-AD66-A1DAF5A42518@marlboro.edu> We've run into what I think may be a false positive in the filetype match, although it is _very_ obscure. If we send a message which begins with the letters 'LZ', the message is detected as an executable. We have had this problem for a while, but I just built a completely new installation of our mail gateway with MS 4.50.15 hoping it would be gone, but it's not. In order to replicate this, the message must begin with these two letters, and they must be in caps. Here are the rules for executables that I'm using in filetype.rules.conf: deny executable No executables No programs allowed deny ELF No executables No programs allowed I know this is pretty weird and obscure, but one of the higher-ups in our administration has the initials LZ and the President likes to start e-mails to this individual with 'LZ-', which triggers this every time. Anyone have any ideas on this one? I took a quick look at the MS code, but nothing jumped out at me - perhaps it's in one of the parser or decoder modules that MS uses? - Matthew L. Dailey Director of Networks and Support Services Marlboro College mdailey _at_ marlboro _dot_ edu -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 2423 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060217/06f926be/smime.bin From jakari at blueavian.com Fri Feb 17 13:36:38 2006 From: jakari at blueavian.com (Jameel Akari) Date: Fri Feb 17 13:36:06 2006 Subject: Filetype false positive? In-Reply-To: <63EBAE11-F8C3-4093-AD66-A1DAF5A42518@marlboro.edu> Message-ID: On 2/17/06 8:13 AM, "Matthew L. Dailey" wrote: > We've run into what I think may be a false positive in the filetype > match, although it is _very_ obscure. If we send a message which > begins with the letters 'LZ', the message is detected as an > executable. We have had this problem for a while, but I just built a The system "file" command is picking this up. Quick test: $ echo "LZ- " > foo.txt $ file foo.txt foo.txt: MS-DOS executable (built-in) A workaround might be to edit your local /usr/share/magic so that it doesn't catch the "LZ" string. Of course, this means that any executables of that format will not get detected by this means, so there's a risk. -- Jameel Akari From shuttlebox at gmail.com Fri Feb 17 13:38:34 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Fri Feb 17 13:38:38 2006 Subject: Filetype false positive? In-Reply-To: <63EBAE11-F8C3-4093-AD66-A1DAF5A42518@marlboro.edu> References: <63EBAE11-F8C3-4093-AD66-A1DAF5A42518@marlboro.edu> Message-ID: <625385e30602170538l6baf23ebp9ee66660c58cb5a8@mail.gmail.com> On 2/17/06, Matthew L. Dailey wrote: > > We've run into what I think may be a false positive in the filetype > match, although it is _very_ obscure. If we send a message which > begins with the letters 'LZ', the message is detected as an > executable. We have had this problem for a while, but I just built a > completely new installation of our mail gateway with MS 4.50.15 > hoping it would be gone, but it's not. In order to replicate this, > the message must begin with these two letters, and they must be in > caps. Here are the rules for executables that I'm using in > filetype.rules.conf: > deny executable No executables No programs allowed > deny ELF No executables No programs allowed > > I know this is pretty weird and obscure, but one of the higher-ups in > our administration has the initials LZ and the President likes to > start e-mails to this individual with 'LZ-', which triggers this > every time. > > Anyone have any ideas on this one? I took a quick look at the MS > code, but nothing jumped out at me - perhaps it's in one of the > parser or decoder modules that MS uses? > You will not find anything in the MS code since it uses the standard Unix "file" command to determine the file type. Read the man page for that command to find the "magic" file that contains signatures. It seems that different Unix flavors come with different magic files, some contain more signatures and might be more prone to false alarms. One solution, granted not the best, would be to use a ruleset so that LZ guy can send executables. Quick and dirty fix. -- /peter -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060217/2ef75942/attachment.html From glenn.steen at gmail.com Fri Feb 17 13:59:43 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Feb 17 13:59:46 2006 Subject: Filetype false positive? In-Reply-To: <63EBAE11-F8C3-4093-AD66-A1DAF5A42518@marlboro.edu> References: <63EBAE11-F8C3-4093-AD66-A1DAF5A42518@marlboro.edu> Message-ID: <223f97700602170559r17549dd8m@mail.gmail.com> On 17/02/06, Matthew L. Dailey wrote: > We've run into what I think may be a false positive in the filetype > match, although it is _very_ obscure. If we send a message which > begins with the letters 'LZ', the message is detected as an > executable. We have had this problem for a while, but I just built a > completely new installation of our mail gateway with MS 4.50.15 > hoping it would be gone, but it's not. In order to replicate this, > the message must begin with these two letters, and they must be in > caps. Here are the rules for executables that I'm using in > filetype.rules.conf: > deny executable No executables No programs allowed > deny ELF No executables No programs allowed > > I know this is pretty weird and obscure, but one of the higher-ups in > our administration has the initials LZ and the President likes to > start e-mails to this individual with 'LZ-', which triggers this > every time. > > Anyone have any ideas on this one? I took a quick look at the MS > code, but nothing jumped out at me - perhaps it's in one of the > parser or decoder modules that MS uses? > > - Matthew L. Dailey > Director of Networks and Support Services > Marlboro College > mdailey _at_ marlboro _dot_ edu > > This isn't really MailScanner, it is an idiosyncrasity of the file command/its "magic" file... Doing a simple test, one can see what happens: # cat aa LZ-skdfjldksj # file aa aa: MS-DOS executable (built-in) # And looking through the magic file (residing in /usr/share/misc/file/magic on a Mandriva of mine), one has the line: # miscellaneous formats 0 string LZ MS-DOS executable (built-in) ... So the problem is squarely in a rather optimistic file config. You could either stop using the filetype checks, perhaps just for your boss (via a ruleset), or you could fiddle with the magic file... Why not just comment out that line? -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From MailScanner at ecs.soton.ac.uk Fri Feb 17 16:43:53 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Feb 17 16:43:59 2006 Subject: Debugging & SA.pm In-Reply-To: <223f97700602090707n65024c63j@mail.gmail.com> References: <43EB4F48.4090505@dynamictelecard.com> <223f97700602090707n65024c63j@mail.gmail.com> Message-ID: <43F5FD49.4090801@ecs.soton.ac.uk> Glenn Steen wrote: > On 09/02/06, Jeff Davis wrote: > >> I've narrowed my problem. >> Everything including mailwatch works fine except >> when I have Use Spamassassin = yes >> Then the messages just sit in the hold queue. >> >> I tried turnning on debugging in MailScanner.conf >> and I see this when I restart. >> Is this a db permissions problem? (That line has a CREATE TABLE statement.) >> >> >> Starting MailScanner daemons: >> incoming postfix: [ OK ] >> outgoing postfix: [ OK ] >> MailScanner: In Debugging mode, not forking... >> Can't call method "do" on an undefined value at >> /usr/lib/MailScanner/MailScanner/SA.pm line 172. >> [ OK ] >> > > Yes, very likely. Your Run As user/group need be able to create the > SQLite SA cache db-file in /var/spool/MailScanner/incoming. If you > have upgraded, you might have done the same type of no-no I did.... > Which is to say that I ran MailScanner --lint _before_ I had run the > upgrade_MailScanner_conf ... The configuration had a spurious line in > it that resulted in the lint running as root, creating the spam cache > db with root privs ... which postfix (of course) couldn't live > with:-). If this is is, you need remove that file, then try start > MailScanner again. > Make sure you have the very latest version and have done an upgrade_MailScanner_conf. In the previous release there was a bug in the default setting of the cache database which was used if you hadn't done an upgrade_MailScanner_conf. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mdailey at marlboro.edu Fri Feb 17 16:52:00 2006 From: mdailey at marlboro.edu (Matthew L. Dailey) Date: Fri Feb 17 16:52:06 2006 Subject: Filetype false positive? Message-ID: Thanks for the quick responses everyone - I figured it was something obvious that I just wasn't seeing. Good thing I don't have any users with the initials 'MZ' or 'CREG' :-) I'm thinking probably commenting out the line in my magic file is less risk that allowing any user (even the president) a blanket exemption to send executables... Cheers! - Matthew L. Dailey Director of Networks and Support Services Marlboro College mdailey _at_ marlboro _dot_ edu From rgreen at trayerproducts.com Fri Feb 17 19:06:34 2006 From: rgreen at trayerproducts.com (Rodney Green) Date: Fri Feb 17 19:06:50 2006 Subject: OT: IMAP and POP3 Message-ID: <43F61EBA.2000800@trayerproducts.com> Hello, Will IMAP and POP3 operate properly when installed side-by-side on the same server? Rod -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From listacct at tulsaconnect.com Fri Feb 17 19:18:22 2006 From: listacct at tulsaconnect.com (TCIS List Acct) Date: Fri Feb 17 19:16:21 2006 Subject: OT: IMAP and POP3 In-Reply-To: <43F61EBA.2000800@trayerproducts.com> References: <43F61EBA.2000800@trayerproducts.com> Message-ID: <43F6217E.6070904@tulsaconnect.com> Rodney Green wrote: > > Hello, > > Will IMAP and POP3 operate properly when installed side-by-side on the > same server? > > Rod > Yes. -- ----------------------------------------- Mike Bacher / listacct@tulsaconnect.com TCIS - TulsaConnect Internet Services http://www.tulsaconnect.com ----------------------------------------- From john at jolet.net Fri Feb 17 19:20:01 2006 From: john at jolet.net (John Jolet) Date: Fri Feb 17 19:20:00 2006 Subject: OT: IMAP and POP3 In-Reply-To: <43F61EBA.2000800@trayerproducts.com> Message-ID: On 2/17/06 1:06 PM, "Rodney Green" wrote: > > Hello, > > Will IMAP and POP3 operate properly when installed side-by-side on the > same server? Why wouldn't they? The only issue might be if a "user" logged in via imap and downloaded the list of headers, then the same "user" logged in via pop and downloaded all unread messages, not leaving copies on the server, and then the same "user" tried to read one of those messages via imap....they'll get a message that the message no longer exists (how that's phrased is a client-side issue). I run both imap and pop on my server, but generally discourage people from using pop if they can possibly run an imap client. > > Rod From mkettler at evi-inc.com Fri Feb 17 19:31:10 2006 From: mkettler at evi-inc.com (Matt Kettler) Date: Fri Feb 17 19:31:21 2006 Subject: OT: IMAP and POP3 In-Reply-To: References: Message-ID: <43F6247E.2070502@evi-inc.com> John Jolet wrote: > > > On 2/17/06 1:06 PM, "Rodney Green" wrote: > >> Hello, >> >> Will IMAP and POP3 operate properly when installed side-by-side on the >> same server? > Why wouldn't they? The only issue might be if a "user" logged in via imap > and downloaded the list of headers, then the same "user" logged in via pop > and downloaded all unread messages, not leaving copies on the server, and > then the same "user" tried to read one of those messages via imap....they'll > get a message that the message no longer exists (how that's phrased is a > client-side issue). I generally refer to this as a PEBKAC.. "Problem Exists Between Keyboard And Chair" :) From john at jolet.net Fri Feb 17 19:39:05 2006 From: john at jolet.net (John Jolet) Date: Fri Feb 17 19:39:00 2006 Subject: OT: IMAP and POP3 In-Reply-To: <43F6247E.2070502@evi-inc.com> Message-ID: On 2/17/06 1:31 PM, "Matt Kettler" wrote: > John Jolet wrote: >> >> >> On 2/17/06 1:06 PM, "Rodney Green" wrote: >> >>> Hello, >>> >>> Will IMAP and POP3 operate properly when installed side-by-side on the >>> same server? >> Why wouldn't they? The only issue might be if a "user" logged in via imap >> and downloaded the list of headers, then the same "user" logged in via pop >> and downloaded all unread messages, not leaving copies on the server, and >> then the same "user" tried to read one of those messages via imap....they'll >> get a message that the message no longer exists (how that's phrased is a >> client-side issue). > > I generally refer to this as a PEBKAC.. > > "Problem Exists Between Keyboard And Chair" > > :) Or the nut behind the keyboard. Really, this happens when either you have shared mailboxes and poor control over client configuration, or if you have someone who has, say a computer at home and one at work, and they are not set up the same. From rgreen at trayerproducts.com Fri Feb 17 19:45:14 2006 From: rgreen at trayerproducts.com (Rodney Green) Date: Fri Feb 17 19:45:31 2006 Subject: OT: IMAP and POP3 In-Reply-To: References: Message-ID: <43F627CA.2000503@trayerproducts.com> An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060217/688baee0/attachment.html From john at jolet.net Fri Feb 17 19:59:07 2006 From: john at jolet.net (John Jolet) Date: Fri Feb 17 19:59:03 2006 Subject: OT: IMAP and POP3 In-Reply-To: <43F627CA.2000503@trayerproducts.com> Message-ID: On 2/17/06 1:45 PM, "Rodney Green" wrote: > > > >> >>> >>> Hello, >>> >>> Will IMAP and POP3 operate properly when installed side-by-side on the >>> same server? >>> >>> >> >> Why wouldn't they? The only issue might be if a "user" logged in via imap >> and downloaded the list of headers, then the same "user" logged in via pop >> and downloaded all unread messages, not leaving copies on the server, and >> then the same "user" tried to read one of those messages via imap....they'll >> get a message that the message no longer exists (how that's phrased is a >> client-side issue). >> >> I run both imap and pop on my server, but generally discourage people from >> using pop if they can possibly run an imap client. >> > > My mail is stored in /var/spool/mail/username files. Does IMAP just access > those? I've never done anything with IMAP. > If you have any tips on getting it running and configured that would be much > appreciated. > > Thanks, > Rod Well, if you email me offline, I?d be happy to help. Not really a mailscanner thing. Email me at john@jolet.net. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060217/b5170622/attachment.html From rgreen at trayerproducts.com Fri Feb 17 19:58:49 2006 From: rgreen at trayerproducts.com (Rodney Green) Date: Fri Feb 17 19:59:07 2006 Subject: OT: IMAP and POP3 In-Reply-To: References: Message-ID: <43F62AF9.6080306@trayerproducts.com> An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060217/89260729/attachment.html From jimcsoka at dominionfirstmortgage.com Fri Feb 17 20:43:54 2006 From: jimcsoka at dominionfirstmortgage.com (James Csoka) Date: Fri Feb 17 20:25:36 2006 Subject: Blocking an individual email address References: <015801c6330f$fc9f4460$2e07a8c0@domfirst.local> <43F50786.30704@taz-mania.com> Message-ID: <02d501c63402$de0f4740$2e07a8c0@domfirst.local> Bah....I think I figured it out....kinda sucks :P I'm running drac as well - therefore, probably what is happening is that the user from internally is allowed to relay via drac, and this seems to override and/or replace /etc/mail/access.db, while this file is still effective when the IP is external, as they are not connecting via IMAP from outside my network, but via the web interface. -jim ----- Original Message ----- From: "Dennis Willson" To: "MailScanner discussion" Sent: Thursday, February 16, 2006 6:15 PM Subject: Re: Blocking an individual email address > without a little more information I cannot tell for sure, but it sounds like the client that's running Outlook is on an IP address > block that's allowed to relay and there's something about how openwebmail sends its mail that doesn't appear to be in the client > address block. Possibly openwebmail is doing a local invocation of Sendmail to send instead of using a socket so it doesn't appear > to have an address to be allowed. > > Just a thought... > > James Csoka wrote: > > I'm reposting this here to see if maybe anyone here knows of some reason > > that Mailscanner would or would not be causing the issue that I seem to > > be having. I posted this in freebsd-questions, but I'm not having much > > luck figuring out what is happening. Any help would be greatly appreciated. > > > > > > I have a mail server (it also functions as a firewall) running freebsd5.4, > > with mailscanner, openwebmail, and sendmail. I wish to block an individual > > email address, but I do not want to mark it as spam. My first solution was > > to add the blacklist feature to the sendmail.mc file, and recreate the .cf > > file, which I did. I then added the line To:user@example.com REJECT to the > > /etc/mail/access file, and ran make maps. I also had added the line > > user@example.com REJECT. > > > > This then blocked that address from sending email to people on my internal > > network. When I tested it from outside my network I used openwebmail as a > > web interface to send email to that address, and it failed. Which was what > > I wanted. However, from inside my network, using Outlook, you can send > > email to that address without a problem. > > > > It seems as if the access.db is doing it's job. When using openwebmail, the > > smtp server rejects any attempt to send mail to that address. however, > > locally, it does not. When i'm sitting in front of my windows client, I can > > use Outlook and send email to that address without a problem. > > > > Does anyone know why via a web interface, the access file rules would apply, > > yet they would be ignored when sending mail from inside the network using > > Outlook to send external email? > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From hermit921 at yahoo.com Fri Feb 17 20:38:44 2006 From: hermit921 at yahoo.com (hermit921) Date: Fri Feb 17 20:38:25 2006 Subject: OT: IMAP and POP3 In-Reply-To: References: <43F6247E.2070502@evi-inc.com> Message-ID: <6.2.1.2.2.20060217123627.05dacab0@pop.mail.yahoo.com> >On 2/17/06 1:06 PM, "Rodney Green" wrote: > >Hello, > >Will IMAP and POP3 operate properly when installed side-by-side on the >same server? I have seen a few cases lately where a user does IMAP and POP intermixed, but not simultaneously. A sad result is that the mail file (mbox format) can get corrupted and neither access protocol works. hermit921 From campbell at cnpapers.com Fri Feb 17 21:40:17 2006 From: campbell at cnpapers.com (Steve Campbell) Date: Fri Feb 17 21:40:39 2006 Subject: OT: IMAP and POP3 References: <43F6247E.2070502@evi-inc.com> <6.2.1.2.2.20060217123627.05dacab0@pop.mail.yahoo.com> Message-ID: <001a01c6340a$be5533d0$0705000a@DDF5DW71> ----- Original Message ----- From: "hermit921" To: "MailScanner discussion" Sent: Friday, February 17, 2006 3:38 PM Subject: Re: OT: IMAP and POP3 > >>On 2/17/06 1:06 PM, "Rodney Green" wrote: >> >>Hello, >> >>Will IMAP and POP3 operate properly when installed side-by-side on the >>same server? > > I have seen a few cases lately where a user does IMAP and POP intermixed, > but not simultaneously. A sad result is that the mail file (mbox format) > can get corrupted and neither access protocol works. > > hermit921 > > -- I have never had any luck with shared IMAP accounts. Either someone deletes something at the same time someone else deletes another email, corrupting something, or no one ever cleans out the mailbox. Time limits on the mailbox don't seem to work either. Without very firm controls over the individual email accounts, it just becomes a nightmare. If anyone can suggest a solution, I'm ready to listen. Thanks Steve Campbell campbell@cnpapers.com Charleston Newspapers From lars+lister.mailscanner at adventuras.no Fri Feb 17 23:03:14 2006 From: lars+lister.mailscanner at adventuras.no (Lars Kristiansen) Date: Fri Feb 17 23:03:42 2006 Subject: OT: IMAP and POP3 In-Reply-To: <001a01c6340a$be5533d0$0705000a@DDF5DW71> References: <43F6247E.2070502@evi-inc.com> <6.2.1.2.2.20060217123627.05dacab0@pop.mail.yahoo.com> <001a01c6340a$be5533d0$0705000a@DDF5DW71> Message-ID: <43F65632.8050409@adventuras.no> Steve Campbell skrev: > > ----- Original Message ----- From: "hermit921" > To: "MailScanner discussion" > Sent: Friday, February 17, 2006 3:38 PM > Subject: Re: OT: IMAP and POP3 > > >> >>> On 2/17/06 1:06 PM, "Rodney Green" wrote: >>> >>> Hello, >>> >>> Will IMAP and POP3 operate properly when installed side-by-side on the >>> same server? >> >> I have seen a few cases lately where a user does IMAP and POP >> intermixed, but not simultaneously. A sad result is that the mail >> file (mbox format) can get corrupted and neither access protocol works. >> >> hermit921 >> >> -- > > I have never had any luck with shared IMAP accounts. Either someone > deletes something at the same time someone else deletes another email, > corrupting something, or no one ever cleans out the mailbox. Time > limits on the mailbox don't seem to work either. > > Without very firm controls over the individual email accounts, it just > becomes a nightmare. > > If anyone can suggest a solution, I'm ready to listen. cyrus-imapd perhaps? -- Regards from Lars > > Thanks > > Steve Campbell > campbell@cnpapers.com > Charleston Newspapers > > From ganci at nurdog.com Sat Feb 18 03:40:53 2006 From: ganci at nurdog.com (Paul R. Ganci) Date: Sat Feb 18 03:41:49 2006 Subject: MailScanner won't notify recipients when quarantine messages/attachments In-Reply-To: <43F403EE.90101@nurdog.com> References: <43F403EE.90101@nurdog.com> Message-ID: <43F69745.3000802@nurdog.com> Paul R. Ganci wrote: > I recently upgraded 3 different MailScanner installations to 4.50.15. > Ever since I did that recipients of messages which had attachments > stripped are no longer notified that the attachment is quarantined on > all 3 installations. Well I don't know what I changed but I finally made MailScanner notify recipients when files get stripped. I started with the 4.50.15 MailScanner.conf.rpmnew file and went through each setting line by line replacing the value with that found in my current MailScanner.conf file. I then restarted MailScanner and now have the desired behavior. I wish I could tell you which setting I did the trick ... oh well. -- Paul (ganci@nurdog.com) From dhawal at netmagicsolutions.com Sat Feb 18 07:45:18 2006 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Sat Feb 18 07:45:25 2006 Subject: OT: IMAP and POP3 In-Reply-To: <001a01c6340a$be5533d0$0705000a@DDF5DW71> References: <43F6247E.2070502@evi-inc.com> <6.2.1.2.2.20060217123627.05dacab0@pop.mail.yahoo.com> <001a01c6340a$be5533d0$0705000a@DDF5DW71> Message-ID: <43F6D08E.5020609@netmagicsolutions.com> Steve Campbell wrote: >>> On 2/17/06 1:06 PM, "Rodney Green" wrote: >>> >>> Hello, >>> >>> Will IMAP and POP3 operate properly when installed side-by-side on the >>> same server? >> >> I have seen a few cases lately where a user does IMAP and POP >> intermixed, but not simultaneously. A sad result is that the mail >> file (mbox format) can get corrupted and neither access protocol works. >> >> hermit921 > > I have never had any luck with shared IMAP accounts. Either someone > deletes something at the same time someone else deletes another email, > corrupting something, or no one ever cleans out the mailbox. Time limits > on the mailbox don't seem to work either. > > Without very firm controls over the individual email accounts, it just > becomes a nightmare. > > If anyone can suggest a solution, I'm ready to listen. Have you considered using the Maildir format (with maybe courier-imap) over mbox?? i have never seen any corruption to date (slowness yes, corruption no.. but thats more of a filesystem debate) - dhawal From glenn.steen at gmail.com Sat Feb 18 11:10:33 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Sat Feb 18 11:10:36 2006 Subject: OT: IMAP and POP3 In-Reply-To: <43F6D08E.5020609@netmagicsolutions.com> References: <43F6247E.2070502@evi-inc.com> <6.2.1.2.2.20060217123627.05dacab0@pop.mail.yahoo.com> <001a01c6340a$be5533d0$0705000a@DDF5DW71> <43F6D08E.5020609@netmagicsolutions.com> Message-ID: <223f97700602180310v360f33d3n@mail.gmail.com> On 18/02/06, Dhawal Doshy wrote: > Steve Campbell wrote: > >>> On 2/17/06 1:06 PM, "Rodney Green" wrote: > >>> > >>> Hello, > >>> > >>> Will IMAP and POP3 operate properly when installed side-by-side on the > >>> same server? > >> > >> I have seen a few cases lately where a user does IMAP and POP > >> intermixed, but not simultaneously. A sad result is that the mail > >> file (mbox format) can get corrupted and neither access protocol works. > >> > >> hermit921 > > > > I have never had any luck with shared IMAP accounts. Either someone > > deletes something at the same time someone else deletes another email, > > corrupting something, or no one ever cleans out the mailbox. Time limits > > on the mailbox don't seem to work either. > > > > Without very firm controls over the individual email accounts, it just > > becomes a nightmare. > > > > If anyone can suggest a solution, I'm ready to listen. > > Have you considered using the Maildir format (with maybe courier-imap) > over mbox?? i have never seen any corruption to date (slowness yes, > corruption no.. but thats more of a filesystem debate) > > - dhawal Courier is an excellent suggestion, since you get less chance of "complete corruption", but also because it supports "soft" quotas. Dovecot will have these things too, but.... It's been a long while where they've promised soft (or ndeed working soft or hard) quotas, so ... go with what works. Courier imap also incorporates a good popd that work with Maildir... Just a bonus (noted the SBS (Skit Bakom Spakarna ... loosely translated to Sh*t Behind the Stick/Steeringwheel) problems that might arise:-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From drew at themarshalls.co.uk Sat Feb 18 12:47:01 2006 From: drew at themarshalls.co.uk (Drew Marshall) Date: Sat Feb 18 12:47:18 2006 Subject: OT: IMAP and POP3 In-Reply-To: <223f97700602180310v360f33d3n@mail.gmail.com> References: <43F6247E.2070502@evi-inc.com> <6.2.1.2.2.20060217123627.05dacab0@pop.mail.yahoo.com> <001a01c6340a$be5533d0$0705000a@DDF5DW71> <43F6D08E.5020609@netmagicsolutions.com> <223f97700602180310v360f33d3n@mail.gmail.com> Message-ID: <1A700529-E731-45A0-99AB-E2BF4F4BE3FC@themarshalls.co.uk> On 18 Feb 2006, at 11:10, Glenn Steen wrote: >> Have you considered using the Maildir format (with maybe courier- >> imap) >> over mbox?? i have never seen any corruption to date (slowness yes, >> corruption no.. but thats more of a filesystem debate) >> >> - dhawal > Courier is an excellent suggestion, since you get less chance of > "complete corruption", but also because it supports "soft" quotas. > Dovecot will have these things too, but.... It's been a long while > where they've promised soft (or ndeed working soft or hard) quotas, so > ... go with what works. > Courier imap also incorporates a good popd that work with Maildir... > Just a bonus (noted the SBS (Skit Bakom Spakarna ... loosely > translated to Sh*t Behind the Stick/Steeringwheel) problems that might > arise:-). And indeed will do shared folders, auto removal of 'old' mail (Use that a lot for people who can never throw anything away :-) Deleted items are just that, as I tell my users. You get 7 days to change your mind!) , authenticate using LDAP, MySQL, amongst others and will even sort of cluster. In short, it's got most of the toys. I quite like it ;-) Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From ius at rbrana.co.id Tue Feb 7 02:20:00 2006 From: ius at rbrana.co.id (ius) Date: Sat Feb 18 13:02:08 2006 Subject: DCC failure In-Reply-To: <43E49048.2010204@ecs.soton.ac.uk> References: <43E4319E.8050301@rbrana.co.id> <43E49048.2010204@ecs.soton.ac.uk> Message-ID: <43E803D0.1060807@rbrana.co.id> Julian Field wrote: > If you didn't use my easy-installation Clam+SA package, you won't know > that you need to edit a particular file. > It is often found in /etc/mail/spamassassin/init.pre. You need to > uncomment the DCC line. > > If you want to use the SURBL plugins and various useful tools like > that, you will need to add some extra lines to load these plugins. > > My script does all this stuff for you, and tells you what to edit and > what to do. > :-) > > ius wrote: > >> Dear mailscanner, >> >> I got this error messages when do the spamassassin -D --lint -p >> /etc/MailScanner/spam.assassin.prefs.conf. My DCC installed properly >> and placed where it should be >> >> [7934] warn: config: failed to parse line, skipping: dcc_path >> /usr/local/bin/dccproc >> [7934] warn: config: failed to parse line, skipping: dcc_home /var/dcc >> >> Does anyone know what it is ? why this happening ? >> >> Thanks alot >> ius >> >> > Many thanks jules .. ius -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From smlists at masoncomputing.com Tue Feb 7 05:19:59 2006 From: smlists at masoncomputing.com (smlists@masoncomputing.com) Date: Sat Feb 18 13:02:14 2006 Subject: Slightly OT: switching from Postfix to Sendmail Message-ID: <20060206221959.e55c8b7a6d4a84cb71b697721e463b9e.4ff35da3be.wbe@email.email.secureserver.net> An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060206/a421b786/attachment-0001.html From linux_spartacus at yahoo.com Wed Feb 8 10:34:34 2006 From: linux_spartacus at yahoo.com (spart cus) Date: Sat Feb 18 13:02:18 2006 Subject: possible fraud attempt and phising on my mail logs Message-ID: <20060208103434.31448.qmail@web35615.mail.mud.yahoo.com> hi guys, found this logs on my mail server about possible fraud attempt and phising. is this normal ? Found ip-based phishing fraud from 10.2.0.0 Found ip-based phishing fraud from 255.255.255.255 Found ip-based phishing fraud from 10.1.0.0 Found ip-based phishing fraud from 255.255.255.255 . MailScanner has detected a possible fraud attempt from "ee.ee.ee.ee" claiming to be MailScanner warning: numerical links are often malicious: ee.ee.ee.ee Sent: Wednesday, February 08, 2006 6:01 PM - Show quoted text - \n Subject: Fwd: 16 new messages in 8 topics \n - digest \n ---------- Forwarded message ---------- From: comp.dcom.sys.cisco \n group Date: \n Feb 8, 2006 5:03 PM Subject: 16 new messages in 8 topics - digest To: \n "comp.dcom.sys.cisco digest subscribers" comp.dcom.sys.cisco http://groups.google.com/group/comp.dcom.sys.cisco comp.dcom.sys.cisco@googlegroups.com Today\'s \n topics: * getting in - 4 messages, 2 authors http://groups.google.com/group/comp.dcom.sys.cisco/browse_thread/thread/f48de60251014965 \n * memory - 4 messages, 2 authors http://groups.google.com/group/comp.dcom.sys.cisco/browse_thread/thread/235ec15b218debea \n * Which switch? - 1 messages, 1 author http://groups.google.com/group",1] ); //-->- Show quoted text - Subject: Fwd: 16 new messages in 8 topics - digest ---------- Forwarded message ---------- From: comp.dcom.sys.cisco group Date: Feb 8, 2006 5:03 PM Subject: 16 new messages in 8 topics - digest To: "comp.dcom.sys.cisco digest subscribers" comp.dcom.sys.cisco http://groups.google.com/group/comp.dcom.sys.cisco comp.dcom.sys.cisco@googlegroups.com Today's topics: * getting in - 4 messages, 2 authors http://groups.google.com/group/comp.dcom.sys.cisco/browse_thread/thread/f48de60251014965 * memory - 4 messages, 2 authors http://groups.google.com/group/comp.dcom.sys.cisco/browse_thread/thread/235ec15b218debea * Which switch? - 1 messages, 1 author http://groups.google.com/group/comp.dcom.sys.cisco/browse_thread/thread/a6263c2a6cf2f5ab \n * Definitive max flash/DRAM for a 2621 non-XM - 1 messages, 1 \n author http://groups.google.com/group/comp.dcom.sys.cisco/browse_thread/thread/f7c8f2baa300293e \n * C3750 Layer 3 Switching and VLANs - 1 messages, 1 author http://groups.google.com/group/comp.dcom.sys.cisco/browse_thread/thread/d9a76f870e6b9fd0 \n * PIX to PIX VPN problem - 3 messages, 2 authors http://groups.google.com/group/comp.dcom.sys.cisco/browse_thread/thread/d8ca3eca037301b1 \n * AP1200 wds server hanging - 1 messages, 1 author http://groups.google.com/group/comp.dcom.sys.cisco/browse_thread/thread/ebddeedf52725a9 \n * IOS for 1401. - 1 messages, 1 author http://groups.google.com/group/comp.dcom.sys.cisco/browse_thread/thread/f0db579a12642f33 \n \u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d TOPIC: \n getting in ",1] ); //-->/comp.dcom.sys.cisco/browse_thread/thread/a6263c2a6cf2f5ab * Definitive max flash/DRAM for a 2621 non-XM - 1 messages, 1 author http://groups.google.com/group/comp.dcom.sys.cisco/browse_thread/thread/f7c8f2baa300293e * C3750 Layer 3 Switching and VLANs - 1 messages, 1 author http://groups.google.com/group/comp.dcom.sys.cisco/browse_thread/thread/d9a76f870e6b9fd0 * PIX to PIX VPN problem - 3 messages, 2 authors http://groups.google.com/group/comp.dcom.sys.cisco/browse_thread/thread/d8ca3eca037301b1 * AP1200 wds server hanging - 1 messages, 1 author http://groups.google.com/group/comp.dcom.sys.cisco/browse_thread/thread/ebddeedf52725a9 * IOS for 1401. - 1 messages, 1 author http://groups.google.com/group/comp.dcom.sys.cisco/browse_thread/thread/f0db579a12642f33 ============================================================================== TOPIC: getting in /comp.dcom.sys.cisco/browse_thread/thread/f48de60251014965 \n \u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d \u003d\u003d \n 1 of 4 \u003d\u003d Date: Wed, Feb 8 2006 4:16am From: roberson@hushmail.com (Walter \n Roberson) In article <1139371420.774575.279580@f14g2000cwb.googlegroups.com>, \n wrote: [PIX 515E] >thanks for replying so wuickly. I don\'t even \n know how to do that. I >have it hooked to my pc but I heard that I have \n to match ip addresses >and telnet which is way beyong my knowledge. Is \n it a big deal to do all >of this? Take the serial cable you got \n with the PIX 515E. Connect it to a serial port on your PC. Plug the RJ45 \n end into the "console" connection on the 515E. If you don\'t know which one \n that is, look at the diagram at http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/hig63/515.htm#wp1037358 Then \n on your PC, fire up Hyperterm and set it to use the appropriate COM port at \n 9600 8 N 1. Now press return in the Hyperterm window. Alternately, \n follow the instructions in chapter 3 of the Quick Start Guide at http://www.cisco.com/univercd",1] ); //-->http://groups.google.com/group/comp.dcom.sys.cisco/browse_thread/thread/f48de60251014965 ============================================================================== == 1 of 4 == Date: Wed, Feb 8 2006 4:16am From: roberson@hushmail.com (Walter Roberson) In article <1139371420.774575.279580@f14g2000cwb.googlegroups.com>, wrote: [PIX 515E] >thanks for replying so wuickly. I don't even know how to do that. I >have it hooked to my pc but I heard that I have to match ip addresses >and telnet which is way beyong my knowledge. Is it a big deal to do all >of this? Take the serial cable you got with the PIX 515E. Connect it to a serial port on your PC. Plug the RJ45 end into the "console" connection on the 515E. If you don't know which one that is, look at the diagram at http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/hig63/515.htm#wp1037358 Then on your PC, fire up Hyperterm and set it to use the appropriate COM port at 9600 8 N 1. Now press return in the Hyperterm window. Alternately, follow the instructions in chapter 3 of the Quick Start Guide at http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/63qsg/515quick.pdf \u003d\u003d \n 2 of 4 \u003d\u003d Date: Tues, Feb 7 2006 8:35pm From: fatlobsterman@yahoo.com are \n you referring to using the pcterminal adapter with the rj45into the console \n like in figure 4-7? \u003d\u003d 3 of 4 \u003d\u003d Date: Tues, Feb 7 2006 \n 8:56pm From: fatlobsterman@yahoo.com I \n think I may be in if that is the way that you were referring to. I used \n com3 with the other info you gave me and hyperterminal says connected but \n show version does nothering- what else can I do?\\ \u003d\u003d 4 of 4 \n \u003d\u003d Date: Wed, Feb 8 2006 6:15am From: roberson@hushmail.com (Walter \n Roberson) In article <1139374576.472587.175160@o13g2000cwo.googlegroups.com>, < fatlobsterman@yahoo.com> \n wrote: [PIX 515E] >I think I may be in if that is the way that \n you were referring to. I don\'t use googlegroups for actively reading \n postings (only when I am researching old postings), so your previous \n postings are not visible on my screen. It would therefore be \n appreciated if you would follow the Usenet convention of quoting enough \n of the previous conversation to establish the context of your \n remarks. For example if you go back and re-read your message in \n isolation, you will see that there is no reference present as to what \n kind",1] ); //-->/cc/td/doc/product/iaabu/pix/pix_sw/v_63/63qsg/515quick.pdf == 2 of 4 == Date: Tues, Feb 7 2006 8:35pm From: fatlobsterman@yahoo.com are you referring to using the pcterminal adapter with the rj45into the console like in figure 4-7? == 3 of 4 == Date: Tues, Feb 7 2006 8:56pm From: fatlobsterman@yahoo.com I think I may be in if that is the way that you were referring to. I used com3 with the other info you gave me and hyperterminal says connected but show version does nothering- what else can I do?\ == 4 of 4 == Date: Wed, Feb 8 2006 6:15am From: roberson@hushmail.com (Walter Roberson) In article <1139374576.472587.175160@o13g2000cwo.googlegroups.com>, < fatlobsterman@yahoo.com> wrote: [PIX 515E] >I think I may be in if that is the way that you were referring to. I don't use googlegroups for actively reading postings (only when I am researching old postings), so your previous postings are not visible on my screen. It would therefore be appreciated if you would follow the Usenet convention of quoting enough of the previous conversation to establish the context of your remarks. For example if you go back and re-read your message in isolation, you will see that there is no reference present as to what kindof device you are using -- that\'s why I stuck the "[PIX 515E]" \n in, to give back that necessary context. >I used com3 with \n the other info you gave me and hyperterminal says >connected but show \n version does nothering- what else can I do?\\ You haven\'t provided any \n information about what kind of PC you are using or how it is set up, so I \n will have to make wild guesses here. In most PCs that I have seen, \n COM3 is either not connected at all, or is a modem port; the standard \n serial ports that are connected are COM1 and COM2. On most laptops that I \n have seen, the standard serial ports are COM1 and COM3 with COM2 not \n present, and COM3 usually being a modem port. So, lacking further \n information, I would -suspect- that you have used the wrong COM port number \n and that if you are talking to anything, you are talking to a \n modem. \u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d TOPIC: \n memory http://groups.google.com/group/comp.dcom.sys.cisco/browse_thread/thread/235ec15b218debea \n \u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d \u003d\u003d \n 1 of 4 \u003d\u003d Date: Tues, Feb 7 2006 8:18pm From: fatlobsterman@yahoo.com I \n have 2 pix- one is a 515e-UR and the other is 515e-FO. I don\'t even know \n how to get into the pix. I have it hooked up to my PC but I am clueless \n when it comes to these. Is there a place where I can go or could you \n possibly help me get it to get that information. I was told that I have to \n set up the same ips and telnet but again, I\'m clueless when it comes to \n this but I do know my way around PCs very well just to",1] ); //--> of device you are using -- that's why I stuck the "[PIX 515E]" in, to give back that necessary context. >I used com3 with the other info you gave me and hyperterminal says >connected but show version does nothering- what else can I do?\ You haven't provided any information about what kind of PC you are using or how it is set up, so I will have to make wild guesses here. In most PCs that I have seen, COM3 is either not connected at all, or is a modem port; the standard serial ports that are connected are COM1 and COM2. On most laptops that I have seen, the standard serial ports are COM1 and COM3 with COM2 not present, and COM3 usually being a modem port. So, lacking further information, I would -suspect- that you have used the wrong COM port number and that if you are talking to anything, you are talking to a modem. ============================================================================== TOPIC: memory http://groups.google.com/group/comp.dcom.sys.cisco/browse_thread/thread/235ec15b218debea ============================================================================== == 1 of 4 == Date: Tues, Feb 7 2006 8:18pm From: fatlobsterman@yahoo.com I have 2 pix- one is a 515e-UR and the other is 515e-FO. I don't even know how to get into the pix. I have it hooked up to my PC but I am clueless when it comes to these. Is there a place where I can go or could you possibly help me get it to get that information. I was told that I have to set up the same ips and telnet but again, I'm clueless when it comes to this but I do know my way around PCs very well just togive you an idea of \n my knowledge. thanks \u003d\u003d 2 of 4 \u003d\u003d Date: Tues, \n Feb 7 2006 8:54pm From: fatlobsterman@yahoo.com I \n think that I am logged in b/c hypertermal is saying I\'m connected- I used \n the serial to rj45 to the console on the back- I used com 3 is that \n alright? maybe it is since I am connected but I tried shpow version in the \n hyperterminal window and nothing happens \u003d\u003d 3 of 4 \n \u003d\u003d Date: Tues, Feb 7 2006 8:54pm From: fatlobsterman@yahoo.com I \n think that I am logged in b/c hypertermal is saying I\'m connected- I used \n the serial to rj45 to the console on the back- I used com 3 is that \n alright? maybe it is since I am connected but I tried shpow version in the \n hyperterminal window and nothing happens \u003d\u003d 4 of 4 \n \u003d\u003d Date: Tues, Feb 7 2006 10:07pm From: "J" Honestly I don\'t know \n if I could walk you through this. Connecting to the console \n could be an all day speaking event for some people. Do you have \n the right cable, a serial port or USB adapter, and DB9 adapter \n if applicable? What COM port are you on. Are you \n using the 9600 8N1 settings? Do you know the password for the \n device? Do you have the necessary file to attempt password \n recovery? There are too many unknowns for me to be of any real \n assistance. I googled for "cisco console howto" and found a few \n useful hits. http://www.google.com/search?hl\u003den&q\u003dcisco+console+howto&btnG\u003dGoogle+Search Setting \n up a Pix is certainly not a trivial manner. I recommend ",1] ); //--> give you an idea of my knowledge. thanks == 2 of 4 == Date: Tues, Feb 7 2006 8:54pm From: fatlobsterman@yahoo.com I think that I am logged in b/c hypertermal is saying I'm connected- I used the serial to rj45 to the console on the back- I used com 3 is that alright? maybe it is since I am connected but I tried shpow version in the hyperterminal window and nothing happens == 3 of 4 == Date: Tues, Feb 7 2006 8:54pm From: fatlobsterman@yahoo.com I think that I am logged in b/c hypertermal is saying I'm connected- I used the serial to rj45 to the console on the back- I used com 3 is that alright? maybe it is since I am connected but I tried shpow version in the hyperterminal window and nothing happens == 4 of 4 == Date: Tues, Feb 7 2006 10:07pm From: "J" Honestly I don't know if I could walk you through this. Connecting to the console could be an all day speaking event for some people. Do you have the right cable, a serial port or USB adapter, and DB9 adapter if applicable? What COM port are you on. Are you using the 9600 8N1 settings? Do you know the password for the device? Do you have the necessary file to attempt password recovery? There are too many unknowns for me to be of any real assistance. I googled for "cisco console howto" and found a few useful hits. http://www.google.com/search?hl=en&q=cisco+console+howto&btnG=Google+Search Setting up a Pix is certainly not a trivial manner. I recommend finding \n a person qualified to take on the task. I could write a book on \n nothing but Pix basics and still not cover everything you \n should know. Someone else may be able to provide better input \n than I. Best of \n luck. J \u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d TOPIC: \n Which switch? http://groups.google.com/group/comp.dcom.sys.cisco/browse_thread/thread/a6263c2a6cf2f5ab \u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d \u003d\u003d \n 1 of 1 \u003d\u003d Date: Tues, Feb 7 2006 8:28pm From: "www.BradReese.Com" Andrew, The \n 2005 Cisco Product Guide has a good matrix: http://www.bradreese.com/2005-cisco-guide.htm \n Found at Cisco Product Guides: http://www.bradreese.com/refurbished-cisco-product-guide.htm Sincerely, Brad \n Reese BradReese.Com Cisco Engineers http://www.BradReese.Com 1293 \n Hendersonville Road, Suite 17 Asheville, North Carolina USA 28803 USA \n & Canada: 877-549-2680 International: 828-277-7272 \n \u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d TOPIC: \n Definitive max flash/DRAM for a 2621 non-XM ",1] ); //--> finding a person qualified to take on the task. I could write a book on nothing but Pix basics and still not cover everything you should know. Someone else may be able to provide better input than I. Best of luck. J ============================================================================== TOPIC: Which switch? http://groups.google.com/group/comp.dcom.sys.cisco/browse_thread/thread/a6263c2a6cf2f5ab ============================================================================== == 1 of 1 == Date: Tues, Feb 7 2006 8:28pm From: "www.BradReese.Com" Andrew, The 2005 Cisco Product Guide has a good matrix: http://www.bradreese.com/2005-cisco-guide.htm Found at Cisco Product Guides: http://www.bradreese.com/refurbished-cisco-product-guide.htm Sincerely, Brad Reese BradReese.Com Cisco Engineers http://www.BradReese.Com 1293 Hendersonville Road, Suite 17 Asheville, North Carolina USA 28803 USA & Canada: 877-549-2680 International: 828-277-7272 ============================================================================== TOPIC: Definitive max flash/DRAM for a 2621 non-XM /comp.dcom.sys.cisco/browse_thread/thread/f7c8f2baa300293e \u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d \u003d\u003d \n 1 of 1 \u003d\u003d Date: Tues, Feb 7 2006 8:44pm From: "J" I thought for \n sure the 2621 I had was an XM but apparently it\'s not. I\'m not sure how I \n missed it but I did. I need to be able to run a PPPoE client on \n this guy. Unfortunately it looks like that feature is only \n found in the advanced entreprise services code which require 96MB DRAM and \n 32MB flash for 12.3. This 2621 is running \n 64/16. I\'ve researched the max resources for the 2621 on both \n Google and Cisco\'s website and have gotten mixed results. What\'s \n the definitive maximum flash and DRAM for this router? Does anyone \n else have any ideas for running a PPPoE client on this router rather than \n running \n c2600-adventerprisek9-mz.123-4.xd1? Thanks J \u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d \n TOPIC: C3750 Layer 3 Switching and VLANs http://groups.google.com/group/comp.dcom.sys.cisco/browse_thread/thread/d9a76f870e6b9fd0 \n \u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d \u003d\u003d \n 1 of 1 \u003d\u003d Date: Tues, Feb 7 2006 8:45pm From: "NETADMIN" Hi \n Lutz.. >>Hi Lutz - thanks a million for the reply - I was looking \n into VACLs and >>all sorts - didn\'t think it was as easy as that! I \n am just wondering if >>you could also provide an example on \n configuring the L3 part of the >>switch? Is posted ",1] ); //-->http://groups.google.com/group/comp.dcom.sys.cisco/browse_thread/thread/f7c8f2baa300293e ============================================================================== == 1 of 1 == Date: Tues, Feb 7 2006 8:44pm From: "J" I thought for sure the 2621 I had was an XM but apparently it's not. I'm not sure how I missed it but I did. I need to be able to run a PPPoE client on this guy. Unfortunately it looks like that feature is only found in the advanced entreprise services code which require 96MB DRAM and 32MB flash for 12.3. This 2621 is running 64/16. I've researched the max resources for the 2621 on both Google and Cisco's website and have gotten mixed results. What's the definitive maximum flash and DRAM for this router? Does anyone else have any ideas for running a PPPoE client on this router rather than running c2600-adventerprisek9-mz.123-4.xd1? Thanks J ============================================================================== TOPIC: C3750 Layer 3 Switching and VLANs http://groups.google.com/group/comp.dcom.sys.cisco/browse_thread/thread/d9a76f870e6b9fd0 ============================================================================== == 1 of 1 == Date: Tues, Feb 7 2006 8:45pm From: "NETADMIN" Hi Lutz.. >>Hi Lutz - thanks a million for the reply - I was looking into VACLs and >>all sorts - didn't think it was as easy as that! I am just wondering if >>you could also provide an example on configuring the L3 part of the >>switch? Is posted not by \n me Thanks, NETADMIN \u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d TOPIC: \n PIX to PIX VPN problem http://groups.google.com/group/comp.dcom.sys.cisco/browse_thread/thread/d8ca3eca037301b1 \u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d \u003d\u003d \n 1 of 3 \u003d\u003d Date: Wed, Feb 8 2006 5:00am From: John Scholvin In \n article , Walter Roberson \n wrote: >No, when you are ssh\'d in and you use \'debug\' commands, the \n output goes >to your ssh session. You might possibly need to adjust \n the >"logging monitor" level but I don\'t think so. Weird...this \n never worked for me. I tried turning on all kinds of debug and saw none of \n it in my ssh session. But I did manage to use "logging console" to see \n some debug output on the console port, so I made progress on my \n problem. I\'ll have to come back to this after I solve the more pressing \n crisis... Thanks, john -- John \n Scholvin -- john@scholvin.com -- an \n E7b5#9 man in an F major world \u003d\u003d 2 of 3 \u003d\u003d Date: Wed, Feb 8 \n 2006 5:29am From: John Scholvin In article < \n ds8duj$1bu$1@chessie.cirr.com>, John Scholvin <",1] ); //-->ryanfinne...@hotmail.com not by me Thanks, NETADMIN ============================================================================== TOPIC: PIX to PIX VPN problem http://groups.google.com/group/comp.dcom.sys.cisco/browse_thread/thread/d8ca3eca037301b1 ============================================================================== == 1 of 3 == Date: Wed, Feb 8 2006 5:00am From: John Scholvin In article , Walter Roberson wrote: >No, when you are ssh'd in and you use 'debug' commands, the output goes >to your ssh session. You might possibly need to adjust the >"logging monitor" level but I don't think so. Weird...this never worked for me. I tried turning on all kinds of debug and saw none of it in my ssh session. But I did manage to use "logging console" to see some debug output on the console port, so I made progress on my problem. I'll have to come back to this after I solve the more pressing crisis... Thanks, john -- John Scholvin -- john@scholvin.com -- an E7b5#9 man in an F major world == 2 of 3 == Date: Wed, Feb 8 2006 5:29am From: John Scholvin In article < ds8duj$1bu$1@chessie.cirr.com>, John Scholvin <> \n wrote: > >I am trying to establish a VPN tunnel between 2 PIX \n 506E\'s. This is, for >now, as straightforward a setup as there could \n be: > >private LAN 1 --- PIX 1 ----- internet ----- PIX 2 ----- \n private LAN 2 > >The problem is that the pixen don\'t seem to even \n want to get to phase 1 >negotiations. "show isakmp sa" \n returns 0 associations on both sides. OK, I worked around the weird \n debug problem I had (thanks for the tips!) and now I have the two pixes \n connected through isakmp phase II. But they still won\'t pass \n traffic. Here\'s is my theory. One of the pixes handles incoming VPN \n client connections in addition to the "dedicated" connection to the other \n pix. Looking at the output from "show ipsec sa" on that dual-purpose pix, I \n see something funny right at the top: interface: \n outside ",1] ); //-->john@scholvin.com.REMOVETHIS> wrote: > >I am trying to establish a VPN tunnel between 2 PIX 506E's. This is, for >now, as straightforward a setup as there could be: > >private LAN 1 --- PIX 1 ----- internet ----- PIX 2 ----- private LAN 2 > >The problem is that the pixen don't seem to even want to get to phase 1 >negotiations. "show isakmp sa" returns 0 associations on both sides. OK, I worked around the weird debug problem I had (thanks for the tips!) and now I have the two pixes connected through isakmp phase II. But they still won't pass traffic. Here's is my theory. One of the pixes handles incoming VPN client connections in addition to the "dedicated" connection to the other pix. Looking at the output from "show ipsec sa" on that dual-purpose pix, I see something funny right at the top: interface: outside Crypto map tag: CRYPTO_MAP, local addr. MailScanner has detected a possible fraud attempt from "ee.ee.ee.ee" claiming to be MailScanner warning: numerical \n links are often malicious: ee.ee.ee.ee \n local ident (addr/mask/prot/port): (MailScanner has detected a possible fraud attempt from "10.1.0.0" claiming to be MailScanner warning: \n numerical links are often malicious: 10.1.0.0/255.255.0.0/0/0 \n ) remote ident (addr/mask/prot/port): (MailScanner has detected a possible fraud attempt from "10.2.0.0" claiming to be MailScanner warning: \n numerical links are often malicious: \n 10.2.0.0/255.255.0.0/0/0) current_peer: MailScanner has detected a possible fraud attempt from "cc.cc.cc.cc:500" claiming to be MailScanner warning: \n numerical links are often malicious: \n cc.cc.cc.cc:500 dynamic allocated peer ip: MailScanner has detected a possible fraud attempt from "0.0.0.0" claiming to be MailScanner warning: numerical links \n are often malicious: 0.0.0.0 ",1] ); //--> Crypto map tag: CRYPTO_MAP, local addr. MailScanner has detected a possible fraud attempt from "ee.ee.ee.ee" claiming to be MailScanner warning: numerical links are often malicious: ee.ee.ee.ee local ident (addr/mask/prot/port): (MailScanner has detected a possible fraud attempt from "10.1.0.0" claiming to be MailScanner warning: numerical links are often malicious: 10.1.0.0/255.255.0.0/0/0 ) remote ident (addr/mask/prot/port): (MailScanner has detected a possible fraud attempt from "10.2.0.0" claiming to be MailScanner warning: numerical links are often malicious: 10.2.0.0/255.255.0.0/0/0) current_peer: MailScanner has detected a possible fraud attempt from "cc.cc.cc.cc:500" claiming to be MailScanner warning: numerical links are often malicious: cc.cc.cc.cc:500 dynamic allocated peer ip: MailScanner has detected a possible fraud attempt from "0.0.0.0" claiming to be MailScanner warning: numerical links are often malicious: 0.0.0.0 MailScanner has detected a possible fraud attempt from "ee.ee.ee.ee" claiming to be MailScanner warning: numerical \n links are often malicious: ee.ee.ee.ee and MailScanner has detected a possible fraud attempt from "cc.cc.cc.cc" claiming to be MailScanner warning: numerical \n links are often malicious: cc.cc.cc.cc are the public IPs of \n the pixes)",1] ); D(["mb"," That dynamically allocated peer doesn\'t make sense to me. \n The other pix doesn\'t have that line in the output. I\'m guessing I have \n somehow butchered the config of the crypto map and it\'s confusing this peer \n with the VPN clients. The config of this pix is below, hopefully someone \n here can spot the problem. Summary: ",1] ); //-->(MailScanner has detected a possible fraud attempt from "ee.ee.ee.ee" claiming to be MailScanner warning: numerical links are often malicious: ee.ee.ee.ee and MailScanner has detected a possible fraud attempt from "cc.cc.cc.cc" claiming to be MailScanner warning: numerical links are often malicious: cc.cc.cc.cc are the public IPs of the pixes) That dynamically allocated peer doesn't make sense to me. The other pix doesn't have that line in the output. I'm guessing I have somehow butchered the config of the crypto map and it's confusing this peer with the VPN clients. The config of this pix is below, hopefully someone here can spot the problem. Summary: MailScanner has detected a possible fraud attempt from "ee.ee.ee.ee" claiming to be MailScanner warning: \n numerical links are often malicious: ee.ee.ee.ee), one in \n Chicago (MailScanner has detected a possible fraud attempt from "cc.cc.cc.cc" claiming to be MailScanner warning: \n numerical links are often malicious: cc.cc.cc.cc)",1] ); D(["mb"," * the pix \n in Evanston also handles incoming VPN client connections ",1] ); //-->* one pix is in Evanston (public=MailScanner has detected a possible fraud attempt from "ee.ee.ee.ee" claiming to be MailScanner warning: numerical links are often malicious: ee.ee.ee.ee), one in Chicago (MailScanner has detected a possible fraud attempt from "cc.cc.cc.cc" claiming to be MailScanner warning: numerical links are often malicious: cc.cc.cc.cc) * the pix in Evanston also handles incoming VPN client connections MailScanner has detected a possible fraud attempt from "10.1.0.0" claiming to be MailScanner \n warning: numerical links are often malicious: 10.1.0.0/16 and \n MailScanner has detected a possible fraud attempt from "192.168.0.0" claiming to be MailScanner warning: \n numerical links are often malicious: 192.168.0.0/24; and \n Chicago\'s is MailScanner has detected a possible fraud attempt from "10.2.0.0" claiming to be MailScanner \n warning: numerical links are often malicious: \n 10.2.0.0/16",1] ); //-->* the Evanston private lans are MailScanner has detected a possible fraud attempt from "10.1.0.0" claiming to be MailScanner warning: numerical links are often malicious: 10.1.0.0/16 and MailScanner has detected a possible fraud attempt from "192.168.0.0" claiming to be MailScanner warning: numerical links are often malicious: 192.168.0.0/24; and Chicago's is MailScanner has detected a possible fraud attempt from "10.2.0.0" claiming to be MailScanner warning: numerical links are often malicious: 10.2.0.0/16- Show quoted text - Thanks in advance if anyone can spot the problem here. \n PIX Version 6.3(3) interface ethernet0 auto interface ethernet1 \n auto nameif ethernet0 outside security0 nameif ethernet1 inside \n security100 enable password ** encrypted passwd ** encrypted hostname \n pix-evn domain-name ** clock timezone CST -6 clock summer-time CDT \n recurring fixup protocol dns maximum-length 700 fixup protocol ftp \n 21 fixup protocol h323 h225 1720 fixup protocol h323 ras \n 1718-1719 fixup protocol http 80 fixup protocol rsh 514 fixup \n protocol rtsp 554 fixup protocol sip 5060 fixup protocol sip udp \n 5060 fixup protocol skinny 2000 fixup protocol smtp 25 fixup protocol \n sqlnet 1521 fixup protocol tftp 69 ",1] ); D(["mb","name MailScanner has detected a possible fraud attempt from "ee.ee.ee.ee" claiming to be MailScanner warning: numerical \n links are often malicious: ee.ee.ee.ee vpn-evn",1] ); //-->- Show quoted text - Thanks in advance if anyone can spot the problem here. PIX Version 6.3(3) interface ethernet0 auto interface ethernet1 auto nameif ethernet0 outside security0 nameif ethernet1 inside security100 enable password ** encrypted passwd ** encrypted hostname pix-evn domain-name ** clock timezone CST -6 clock summer-time CDT recurring fixup protocol dns maximum-length 700 fixup protocol ftp 21 fixup protocol h323 h225 1720 fixup protocol h323 ras 1718-1719 fixup protocol http 80 fixup protocol rsh 514 fixup protocol rtsp 554 fixup protocol sip 5060 fixup protocol sip udp 5060 fixup protocol skinny 2000 fixup protocol smtp 25 fixup protocol sqlnet 1521 fixup protocol tftp 69 name MailScanner has detected a possible fraud attempt from "ee.ee.ee.ee" claiming to be MailScanner warning: numerical links are often malicious: ee.ee.ee.ee vpn-evn object-group \n icmp-type icmp_traffic icmp-object \n echo-reply icmp-object source-quench icmp-object \n unreachable icmp-object time-exceeded access-list PERMIT_IN \n permit icmp any any object-group icmp_traffic ",1] ); //--> object-group icmp-type icmp_traffic icmp-object echo-reply icmp-object source-quench icmp-object unreachable icmp-object time-exceeded access-list PERMIT_IN permit icmp any any object-group icmp_traffic access-list PERMIT_IN permit \n tcp any host MailScanner has detected a possible fraud attempt from "ee.ee.ee.ee" claiming to be MailScanner \n warning: numerical links are often malicious: ee.ee.ee.ee eq \n ssh access-list PERMIT_IN permit tcp any host MailScanner has detected a possible fraud attempt from "ee.ee.ee.ee" claiming to be MailScanner warning: numerical \n links are often malicious: ee.ee.ee.ee eq www access-list \n PERMIT_IN permit tcp any host MailScanner has detected a possible fraud attempt from "ee.ee.ee.ee" claiming to be MailScanner warning: numerical links are often \n malicious: ee.ee.ee.ee eq https access-list PERMIT_IN permit \n udp any host MailScanner has detected a possible fraud attempt from "ee.ee.ee.ee" claiming to be MailScanner \n warning: numerical links are often malicious: ee.ee.ee.ee eq \n isakmp access-list PERMIT_IN permit ah any host MailScanner has detected a possible fraud attempt from "ee.ee.ee.ee" claiming to be MailScanner warning: numerical \n links are often malicious: ee.ee.ee.ee access-list PERMIT_IN \n permit esp any host ",1] ); //-->access-list PERMIT_IN permit tcp any host MailScanner has detected a possible fraud attempt from "ee.ee.ee.ee" claiming to be MailScanner warning: numerical links are often malicious: ee.ee.ee.ee eq ssh access-list PERMIT_IN permit tcp any host MailScanner has detected a possible fraud attempt from "ee.ee.ee.ee" claiming to be MailScanner warning: numerical links are often malicious: ee.ee.ee.ee eq www access-list PERMIT_IN permit tcp any host MailScanner has detected a possible fraud attempt from "ee.ee.ee.ee" claiming to be MailScanner warning: numerical links are often malicious: ee.ee.ee.ee eq https access-list PERMIT_IN permit udp any host MailScanner has detected a possible fraud attempt from "ee.ee.ee.ee" claiming to be MailScanner warning: numerical links are often malicious: ee.ee.ee.ee eq isakmp access-list PERMIT_IN permit ah any host MailScanner has detected a possible fraud attempt from "ee.ee.ee.ee" claiming to be MailScanner warning: numerical links are often malicious: ee.ee.ee.ee access-list PERMIT_IN permit esp any host MailScanner has detected a possible fraud attempt from "ee.ee.ee.ee" claiming to be MailScanner warning: numerical links are often \n malicious: ee.ee.ee.ee access-list NONAT permit ip MailScanner has detected a possible fraud attempt from "192.168.0.0" claiming to be MailScanner warning: numerical \n links are often malicious: 192.168.0.0 MailScanner has detected a possible fraud attempt from "255.255.255.0" claiming to be MailScanner warning: numerical \n links are often malicious: 255.255.255.0 MailScanner has detected a possible fraud attempt from "10.1.250.0" claiming to be MailScanner warning: numerical \n links are often malicious: 10.1.250.0 MailScanner has detected a possible fraud attempt from "255.255.255.0" claiming to be MailScanner warning: numerical \n links are often malicious: 255.255.255.0 access-list NONAT \n permit ip MailScanner has detected a possible fraud attempt from "10.1.0.0" claiming to be MailScanner warning: \n numerical links are often malicious: 10.1.0.0 ",1] ); //-->MailScanner has detected a possible fraud attempt from "ee.ee.ee.ee" claiming to be MailScanner warning: numerical links are often malicious: ee.ee.ee.ee access-list NONAT permit ip MailScanner has detected a possible fraud attempt from "192.168.0.0" claiming to be MailScanner warning: numerical links are often malicious: 192.168.0.0 MailScanner has detected a possible fraud attempt from "255.255.255.0" claiming to be MailScanner warning: numerical links are often malicious: 255.255.255.0 MailScanner has detected a possible fraud attempt from "10.1.250.0" claiming to be MailScanner warning: numerical links are often malicious: 10.1.250.0 MailScanner has detected a possible fraud attempt from "255.255.255.0" claiming to be MailScanner warning: numerical links are often malicious: 255.255.255.0 access-list NONAT permit ip MailScanner has detected a possible fraud attempt from "10.1.0.0" claiming to be MailScanner warning: numerical links are often malicious: 10.1.0.0 MailScanner has detected a possible fraud attempt from "255.255.0.0" claiming to be MailScanner warning: numerical \n links are often malicious: 255.255.0.0 MailScanner has detected a possible fraud attempt from "10.1.250.0" claiming to be MailScanner warning: numerical \n links are often malicious: 10.1.250.0 MailScanner has detected a possible fraud attempt from "255.255.255.0" claiming to be MailScanner warning: numerical \n links are often malicious: 255.255.255.0 ",1] ); //-->MailScanner has detected a possible fraud attempt from "255.255.0.0" claiming to be MailScanner warning: numerical links are often malicious: 255.255.0.0 MailScanner has detected a possible fraud attempt from "10.1.250.0" claiming to be MailScanner warning: numerical links are often malicious: 10.1.250.0 MailScanner has detected a possible fraud attempt from "255.255.255.0" claiming to be MailScanner warning: numerical links are often malicious: 255.255.255.0 MailScanner has detected a possible fraud attempt from "10.1.0.0" claiming to be MailScanner warning: \n numerical links are often malicious: 10.1.0.0 MailScanner has detected a possible fraud attempt from "255.255.0.0" claiming to be MailScanner warning: numerical \n links are often malicious: 255.255.0.0 MailScanner has detected a possible fraud attempt from "10.2.0.0" claiming to be MailScanner warning: numerical links \n are often malicious: 10.2.0.0 MailScanner has detected a possible fraud attempt from "255.255.0.0" claiming to be MailScanner warning: numerical \n links are often malicious: 255.255.0.0 access-list CHICAGO \n permit ip MailScanner has detected a possible fraud attempt from "10.1.0.0" claiming to be MailScanner warning: \n numerical links are often malicious: 10.1.0.0 MailScanner has detected a possible fraud attempt from "255.255.0.0" claiming to be MailScanner warning: numerical \n links are often malicious: 255.255.0.0",1] ); //-->access-list NONAT permit ip MailScanner has detected a possible fraud attempt from "10.1.0.0" claiming to be MailScanner warning: numerical links are often malicious: 10.1.0.0 MailScanner has detected a possible fraud attempt from "255.255.0.0" claiming to be MailScanner warning: numerical links are often malicious: 255.255.0.0 MailScanner has detected a possible fraud attempt from "10.2.0.0" claiming to be MailScanner warning: numerical links are often malicious: 10.2.0.0 MailScanner has detected a possible fraud attempt from "255.255.0.0" claiming to be MailScanner warning: numerical links are often malicious: 255.255.0.0 access-list CHICAGO permit ip MailScanner has detected a possible fraud attempt from "10.1.0.0" claiming to be MailScanner warning: numerical links are often malicious: 10.1.0.0 MailScanner has detected a possible fraud attempt from "255.255.0.0" claiming to be MailScanner warning: numerical links are often malicious: 255.255.0.0MailScanner has detected a possible fraud attempt from "10.2.0.0" claiming to be MailScanner warning: numerical links \n are often malicious: 10.2.0.0 MailScanner has detected a possible fraud attempt from "255.255.0.0" claiming to be MailScanner warning: numerical \n links are often malicious: 255.255.0.0",1] ); D(["mb"," no pager logging \n on logging trap notifications ",1] ); D(["mb","logging host inside MailScanner has detected a possible fraud attempt from "192.168.0.200" claiming to be MailScanner warning: numerical \n links are often malicious: 192.168.0.200",1] ); //--> MailScanner has detected a possible fraud attempt from "10.2.0.0" claiming to be MailScanner warning: numerical links are often malicious: 10.2.0.0 MailScanner has detected a possible fraud attempt from "255.255.0.0" claiming to be MailScanner warning: numerical links are often malicious: 255.255.0.0 no pager logging on logging trap notifications logging host inside MailScanner has detected a possible fraud attempt from "192.168.0.200" claiming to be MailScanner warning: numerical links are often malicious: 192.168.0.200 no logging message \n 106023 no logging message 305005 no logging message 304001 icmp \n permit any outside icmp permit any inside mtu outside 1500 mtu inside \n 1500 ",1] ); D(["mb","ip address outside MailScanner has detected a possible fraud attempt from "ee.ee.ee.ee" claiming to be MailScanner warning: numerical links are often \n malicious: ee.ee.ee.ee MailScanner has detected a possible fraud attempt from "255.255.255.248" claiming to be MailScanner warning: numerical links are often \n malicious: 255.255.255.248 ",1] ); //--> no logging message 106023 no logging message 305005 no logging message 304001 icmp permit any outside icmp permit any inside mtu outside 1500 mtu inside 1500 ip address outside MailScanner has detected a possible fraud attempt from "ee.ee.ee.ee" claiming to be MailScanner warning: numerical links are often malicious: ee.ee.ee.ee MailScanner has detected a possible fraud attempt from "255.255.255.248" claiming to be MailScanner warning: numerical links are often malicious: 255.255.255.248 MailScanner has detected a possible fraud attempt from "10.1.1.1" claiming to be MailScanner warning: numerical links \n are often malicious: 10.1.1.1 MailScanner has detected a possible fraud attempt from "255.0.0.0" claiming to be MailScanner warning: numerical links are often \n malicious: 255.0.0.0",1] ); D(["mb"," ip audit info action alarm ip audit \n attack action alarm ip local pool REMOTE 10.1.250.1-10.1.250.254 pdm \n logging informational 100 pdm history enable arp timeout 14400 global \n (outside) 1 interface nat (inside) 0 access-list NONAT ",1] ); //-->ip address inside MailScanner has detected a possible fraud attempt from "10.1.1.1" claiming to be MailScanner warning: numerical links are often malicious: 10.1.1.1 MailScanner has detected a possible fraud attempt from "255.0.0.0" claiming to be Mai --------------------------------- Brings words and photos together (easily) with PhotoMail - it's free and works with Yahoo! Mail. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060208/1e42aedc/attachment-0001.html From goemon at anime.net Wed Feb 8 19:46:47 2006 From: goemon at anime.net (goemon@anime.net) Date: Sat Feb 18 13:02:22 2006 Subject: x86_64 mail servers In-Reply-To: <43EA3FDB.6060701@evi-inc.com> References: <43EA3FDB.6060701@evi-inc.com> Message-ID: On Wed, 8 Feb 2006, Matt Kettler wrote: > Mark Nienberg wrote: >> I've seen comments on this list that the x86_64 didn't seem to make much >> difference and I admit it is simpler to use the plain x86 version, but >> it bothers me a little to intentionally not use the software that is >> specifically configured for the chip. > Why does it bother you? > Theoretically x86-64 should be slightly slower for most uses unless you: > 1) have a process that needs > 4gb of virtual address space > -or- > 2) does a lot of 64 bit math that can't be performed with SSE x86_64 is also better at memory copies. for processes mainly doing memcpy, memmove etc, you may see a performance increase. -Dan From nwp at nz.lemon-computing.com Thu Feb 9 06:23:46 2006 From: nwp at nz.lemon-computing.com (Nick Phillips) Date: Sat Feb 18 13:02:25 2006 Subject: Delivery testing? In-Reply-To: <20060208090300.xgk9iq3wed3c40c8@webmail.rocomai.com> References: <20060208090300.xgk9iq3wed3c40c8@webmail.rocomai.com> Message-ID: <43EADFF2.6090707@nz.lemon-computing.com> meburke@rocomai.com wrote: >cPanel uses exim as an MTA and includes MailScanner. exim includes a debug >option to emulate delivery of mail from address to another by the command: > >exim -f sender@domain.ext -bt recipient@domain.ext > >but I get the result: > >recipient@domain.ext annot be resolved at this time: > All deliveries are handled by MailScanner > >Does anyone know of a way to verify that the mail is successfully passed for >scanning, and also that the mail is queued for delivery properly after >scanning? > >Ideally, I'd like to trace the message from composition to delivery. > > You need to run exim in the same way that it is run *after* mailscanner has had hold of it. That might involve specifying a different config file, passing a -D option to exim to modify the behaviour of its config, or "something else" (I don't know how cPanel works it). You can probably find it by looking at the Sendmail2 option in your MailScanner.conf. Cheers, Nick From bards1888 at gmail.com Thu Feb 9 11:23:54 2006 From: bards1888 at gmail.com (Bards1888) Date: Sat Feb 18 13:02:29 2006 Subject: x86_64 mail servers In-Reply-To: References: <43EA3FDB.6060701@evi-inc.com> Message-ID: <43EB264A.6080602@gmail.com> Mark Nienberg wrote: > Matt Kettler wrote: > >> Mark Nienberg wrote: >> >>> I've seen comments on this list that the x86_64 didn't seem to make >>> much >>> difference and I admit it is simpler to use the plain x86 version, but >>> it bothers me a little to intentionally not use the software that is >>> specifically configured for the chip. >> >> >> Why does it bother you? >> >> Theoretically x86-64 should be slightly slower for most uses unless you: >> >> 1) have a process that needs > 4gb of virtual address space >> -or- >> 2) does a lot of 64 bit math that can't be performed with SSE >> >> The ability to have huge processes and large amounts of physical ram >> is the >> primary benefit of using a 64 bit computing architecture. The >> drawback is that >> pointers become larger, taking up more memory, and causing more >> memory I/O than >> would be needed if the app was 32bit. Unless you're actually using >> the larger >> memory space you're increasing overhead without any benefit >> whatsoever. Very few >> apps have such large memory footprints outside the realm of scientific >> simulation or massive database crunching. >> >> >> The other benefit of a 64bit computing architecture is the ability to >> do 64 bit >> math operations in one instruction instead of a series of 32 bit >> operations. >> However, very few applications regularly have any use for 64 bit >> operations >> outside of crypto, some games, and high-end engineering/physics. Even >> these >> regularly get their needs filled by using SSE, so the 64-bit math >> benefit is >> very limited. >> >> There's some benefit here to apps using 64-bit file offsets or 64 bit >> time >> format, but I've never seen a "regular" application where either kind of >> calculation was performed often enough to have a noticeable impact on >> performance. Some scientific simulations may do a lot of 64bit time >> calculations, but most of those could readily use SSE for it. >> > > So I can take the easy way out and not feel guilty about it? Fantastic! > > Thanks for your explanation. > > Mark Nienberg > One thing that the i386 version will do it disable AMD's cool 'n quiet. It appears only to work when you run in 64bit mode. My server runs in my garage so heat (or lack thereof) is more imporant to me than a 'slightly' slower machine. Has anyone quantified 'slightly' ? Bards. From Andrew at abit-wa.com.au Fri Feb 10 05:24:42 2006 From: Andrew at abit-wa.com.au (Andrew Barbara) Date: Sat Feb 18 13:02:32 2006 Subject: File Attachment Blocking Message-ID: Hello, We have a system at several sites where we have a the default list of attachments that are blocked and a list of email addresses that are allowed to send and receive the blocked attachments. This works well except when you want to play with multiple domains on the one server. Relevant config files... MailScanner.conf.... %rules-dir% = /etc/MailScanner/rules Filetype Rules = %rules-dir%/filetype.rules Filename Rules = %rules-dir%/filename.rules /etc/MailScanner/rules/filename.rules ##Group 1 has not media attachments Group 2 is allowed PICS ToOrFrom: allowed.user@domain.com.au /etc/MailScanner/filename.rules.conf ToOrFrom: allowed.user2@domain2.com.au /etc/MailScanner/filename.rules.conf ToOrFrom: *@domain2.com.au /etc/MailScanner/filename.rules.2.conf ToOrFrom: default /etc/MailScanner/filename.rules.group1.conf Same in /etc/MailScanner/rules/filetype.rules but for filename.rules.conf In this setup the allowed.user2@domain2.com.au is being overrided by *.domain2.com.au - is there a way to overcome this? Other than putting every email address in the file!!! Regards, Andrew Barbara -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060210/de27fa45/attachment.html From nwp at nz.lemon-computing.com Tue Feb 14 20:07:00 2006 From: nwp at nz.lemon-computing.com (Nick Phillips) Date: Sat Feb 18 13:02:35 2006 Subject: Mailscanner + sendmail running really slow. In-Reply-To: References: <43F20FB3.5040400@tulsaconnect.com> Message-ID: <20060214200659.GB2415@hoiho.nz.lemon-computing.com> On Tue, Feb 14, 2006 at 10:34:10AM -0800, JD Doelitzsch wrote: > When I telnet to my MS box there is a 30 second delay before it gives me the > 220. After every command therer is also a long delay. What could be causing > this? im at 70% disk space usage which was my first thought, but im not > sure. Does anyone have an idea? Your mailserver using tcpd doing identd lookups? Cheers, Nick From goemon at anime.net Tue Feb 14 21:42:40 2006 From: goemon at anime.net (goemon@anime.net) Date: Sat Feb 18 13:02:38 2006 Subject: My server is blacklisted by SpamCop again! In-Reply-To: <43F24D00.2000002@USherbrooke.ca> References: <43F24D00.2000002@USherbrooke.ca> Message-ID: On Tue, 14 Feb 2006, Denis Beauchemin wrote: > What do you do when one of your servers gets listed by SC because it sent an > email to one of their spam traps? It happened to one of my servers last > Friday and it happened again with a different server today! this is the mailscanner list, not spamcop support list. -Dan From gerbra at gotadsl.co.uk Sat Feb 18 12:58:23 2006 From: gerbra at gotadsl.co.uk (Christian Gerbrandt) Date: Sat Feb 18 13:02:41 2006 Subject: Mailscanner and openprotect ? Message-ID: Hello, I know, this one was discussed here several times before, but I'm not realy sure about this. I use qmail as MTA, and would like to do a little Spam/Virus scanning. So I would like to use Mailscanner. As it looks realy hard to get Mailscanner working with qmail, I saw this openprotect thing, which is also using Mailscanner. My question is, what are the differences between these two products. Has the Mailscanner included with openprotect the same functions as a standalone installation of Mailscanner ? Thanks for your help. Christian -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060218/c4a567fa/attachment.html From gerbra at gotadsl.co.uk Sat Feb 18 13:08:50 2006 From: gerbra at gotadsl.co.uk (Christian Gerbrandt) Date: Sat Feb 18 13:09:02 2006 Subject: Mailscanner and openprotect ? Message-ID: Hello, I know, this one was discussed here several times before, but I'm not realy sure about this. I use qmail as MTA, and would like to do a little Spam/Virus scanning. So I would like to use Mailscanner. As it looks realy hard to get Mailscanner working with qmail, I saw this openprotect thing, which is also using Mailscanner. My question is, what are the differences between these two products. Has the Mailscanner included with openprotect the same functions as a standalone installation of Mailscanner ? Thanks for your help. Christian -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060218/bf1e6971/attachment.html From shuttlebox at gmail.com Sat Feb 18 13:36:33 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Sat Feb 18 13:36:36 2006 Subject: Mailscanner and openprotect ? In-Reply-To: References: Message-ID: <625385e30602180536l27a5183bw86fd06440c7daafc@mail.gmail.com> On 2/18/06, Christian Gerbrandt wrote: > As it looks realy hard to get Mailscanner working with qmail, I saw this > openprotect thing, > which is also using Mailscanner. > > My question is, what are the differences between these two products. > Has the Mailscanner included with openprotect the same functions as a > standalone installation > of Mailscanner ? > As far as I know, Openprotect is the official way of using qmail and MailScanner together. -- /peter -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060218/0ae86ee9/attachment.html From jlmiller at mmtnetworks.com.au Sat Feb 18 13:48:13 2006 From: jlmiller at mmtnetworks.com.au (Jon Miller) Date: Sat Feb 18 13:38:21 2006 Subject: File Attachment Blocking Message-ID: Hey Andrew, Have you tried a separate rule for allowed.user2@domain2.com.au, and change the *@domain2.com.au to be more specific. As it is *@domain2.com.au addresses everyone at domain2.com.au. If you can apply rules based on groups (e.g names in a listing) then this may be a better way having allowed.user2 as a exception in a group that is allowed while *@domain.com.au would handle everyone else. Jon L. Miller, ASE, CNS, CLS, MCNE, CCNA Director/Sr Systems Consultant MMT Networks Pty Ltd http://www.mmtnetworks.com.au Resellers for: Novell Gold Partner, Cisco Partner, Peopletelecom, Westnet, Sophos Anti-Virus, CA Products "I don't know the key to success, but the key to failure is trying to please everybody." -Bill Cosby >>> Andrew@abit-wa.com.au 1:24:42 pm 10/02/2006 >>> Hello, We have a system at several sites where we have a the default list of attachments that are blocked and a list of email addresses that are allowed to send and receive the blocked attachments. This works well except when you want to play with multiple domains on the one server. Relevant config files... MailScanner.conf.... %rules-dir% = /etc/MailScanner/rules Filetype Rules = %rules-dir%/filetype.rules Filename Rules = %rules-dir%/filename.rules /etc/MailScanner/rules/filename.rules ##Group 1 has not media attachments Group 2 is allowed PICS ToOrFrom: allowed.user@domain.com.au /etc/MailScanner/filename.rules.conf ToOrFrom: allowed.user2@domain2.com.au /etc/MailScanner/filename.rules.conf ToOrFrom: *@domain2.com.au /etc/MailScanner/filename.rules.2.conf ToOrFrom: default /etc/MailScanner/filename.rules.group1.conf Same in /etc/MailScanner/rules/filetype.rules but for filename.rules.conf In this setup the allowed.user2@domain2.com.au is being overrided by *.domain2.com.au * is there a way to overcome this? Other than putting every email address in the file!!! Regards, Andrew Barbara -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060218/68594188/TEXT.htm From drew at themarshalls.co.uk Sat Feb 18 15:54:52 2006 From: drew at themarshalls.co.uk (Drew Marshall) Date: Sat Feb 18 15:55:28 2006 Subject: Slightly OT: switching from Postfix to Sendmail In-Reply-To: <20060206221959.e55c8b7a6d4a84cb71b697721e463b9e.4ff35da3be.wbe@email.email.secureserver.net> References: <20060206221959.e55c8b7a6d4a84cb71b697721e463b9e.4ff35da3be.wbe@email.email.secureserver.net> Message-ID: <98F2EE4B-C0F7-49C8-989F-44F0C12416C0@themarshalls.co.uk> On 7 Feb 2006, at 05:19, smlists@masoncomputing.com wrote: > Hi all. I've been running MailScanner/Mailwatch with Postfix on > Fedora Core (now at 4) for quite a while now, and it's been great. > However, I want to switch to Sendmail. I'm pretty sure I can find > most of the settings in MailScanner.conf, and the Fedora system- > switch-mail command should keep the rest of the system happy. That > said, I'm a Netware/Windows guy, and not what I'd call an > experienced Linux guy. > Is there anything I'm forgetting, or any gotchas I should know > about before I go ahead? Not really, other than configuring Sendmail, which IMHO, compared to Postfix is some what trickier but there is loads of useful stuff out there and Google is your friend :-) Just out of interest, why the switch? Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From smlists at shaw.ca Sat Feb 18 17:04:41 2006 From: smlists at shaw.ca (Steve Mason (maillist)) Date: Sat Feb 18 17:04:49 2006 Subject: Slightly OT: switching from Postfix to Sendmail In-Reply-To: <98F2EE4B-C0F7-49C8-989F-44F0C12416C0@themarshalls.co.uk> References: <20060206221959.e55c8b7a6d4a84cb71b697721e463b9e.4ff35da3be.wbe@email.email.secureserver.net> <98F2EE4B-C0F7-49C8-989F-44F0C12416C0@themarshalls.co.uk> Message-ID: <43F753A9.4060803@shaw.ca> Drew Marshall wrote: > On 7 Feb 2006, at 05:19, smlists@masoncomputing.com wrote: > >> However, I want to switch to Sendmail. I'm pretty sure I can find >> most of the settings in MailScanner.conf, and the Fedora system- >> switch-mail command should keep the rest of the system happy. >> Is there anything I'm forgetting, or any gotchas I should know about >> before I go ahead? > > > Not really, other than configuring Sendmail, which IMHO, compared to > Postfix is some what trickier but there is loads of useful stuff out > there and Google is your friend :-) > Just out of interest, why the switch? > I'll reply from the correct account. That explains why the listserver thought I wasn't registered. D'oh! I switched to Postfix quite a while ago just to learn it, and see what it was like. I'm seriously considering implementing MailScanner at my employer, and ditching our expensive and not terribly good third party anti-spam provider. Seems to me Sendmail is a bit more "mainstream" Mailwatch supports it a bit better (can watch the queues), and it supports some things I may want to run in the future like Milter-ahead etc. And yes, Google and I go way back (Deja-news) :) Steve From john at jolet.net Sat Feb 18 18:41:56 2006 From: john at jolet.net (John Jolet) Date: Sat Feb 18 18:41:49 2006 Subject: Slightly OT: switching from Postfix to Sendmail In-Reply-To: <20060206221959.e55c8b7a6d4a84cb71b697721e463b9e.4ff35da3be.wbe@email.email.secureserver.net> Message-ID: On 2/6/06 11:19 PM, "smlists@masoncomputing.com" wrote: > Hi all. I've been running MailScanner/Mailwatch with Postfix on Fedora Core > (now at 4) for quite a while now, and it's been great. > However, I want to switch to Sendmail. I'm pretty sure I can find most of the > settings in MailScanner.conf, and the Fedora system-switch-mail command should > keep the rest of the system happy. That said, I'm a Netware/Windows guy, and > not what I'd call an experienced Linux guy. > Is there anything I'm forgetting, or any gotchas I should know about before I > go ahead? > > Thanks, > > Steve > > > I AM an experienced linux/unix guy. This is a bit of a religios thing, but > you really don?t want to switch from postfix to sendmail without a VERY > compelling reason. ESPECIALLY if you?re not an experienced unix guy. > > That said, when I switched from sendmail to postfix with that command, it > failed to remove sendmail from the default runlevel start, and failed to put > postfix in. just make sure the correct mta is running. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060218/164b4c6e/attachment.html From jurness at tomsawyer.com Sat Feb 18 18:52:42 2006 From: jurness at tomsawyer.com (John Urness) Date: Sat Feb 18 18:53:00 2006 Subject: Whitelisted domain still tagged as spam Message-ID: <05b201c634bc$82741720$8f82160a@tomsawyer.com> Hi all, I have a lot of email from a yahoo group that is getting tagged as spam because spamcop has the group listed. Even if I whitelist the sending address with the mailscanner whitelist file, it never gets whitelisted. This works with other domains and/or email addresses that I use in the whitelist file. I *do* want it to check spam lists as well as score the email using spam assassin, but still let it through if it is whitelisted. Here is a sample below of a before and an after header from an individual user on this mailing list. This is actually tagged as spam after I change the below setting from "yes" to "no" and Mailscanner was then restarted. The original one scores correctly as ham, yet because of spamcop, gets tagged. Either way, it gets a spamcop hit and and is tagged. What might be wrong with my configuration? >Check SpamAssassin If On Spam List = no Before: Received: from n3a.bullet.dcn.yahoo.com (n3a.bullet.dcn.yahoo.com [216.155.203.223]) by unixserv0.tomsawyer.com (8.12.9/8.12.9) with SMTP id k0OGKpW1005083 for ; Tue, 24 Jan 2006 08:20:51 -0800 (PST) Comment: DomainKeys? See http://antispam.yahoo.com/domainkeys DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=lima; d=yahoogroups.com; b=qetIEaEi1xsxVujqQoZOw79i62uA2AIMh8n8/UGdA+ua/tZyl9mBc0JwqbUlJGyJJ2OkxcoiLh 85j4TDnd4kiqV2sWgz++FVfeoWBz9O+5c97puwEOIcG8flVazD1pr5; Received: from [216.155.201.64] by n3.bullet.dcn.yahoo.com with NNFMP; 24 Jan 2006 16:20:42 -0000 Received: from [66.218.69.5] by t1.bullet.dcn.yahoo.com with NNFMP; 24 Jan 2006 16:20:41 -0000 Received: from [66.218.66.99] by t5.bullet.scd.yahoo.com with NNFMP; 24 Jan 2006 16:20:41 -0000 X-Yahoo-Newman-Property: groups-email X-Sender: senderemail X-Apparently-To: HATT@yahoogroups.com Received: (qmail 57516 invoked from network); 24 Jan 2006 16:20:40 -0000 Received: from unknown (66.218.66.218) by m34.grp.scd.yahoo.com with QMQP; 24 Jan 2006 16:20:40 -0000 Received: from unknown (HELO uproxy.gmail.com) (66.249.92.202) by mta3.grp.scd.yahoo.com with SMTP; 24 Jan 2006 16:20:40 -0000 Received: by uproxy.gmail.com with SMTP id m3so365979uge for ; Tue, 24 Jan 2006 08:20:39 -0800 (PST) Received: by 10.48.225.3 with SMTP id x3mr443884nfg; Tue, 24 Jan 2006 06:52:01 -0800 (PST) Received: by 10.48.12.20 with HTTP; Tue, 24 Jan 2006 06:52:01 -0800 (PST) Message-ID: <375e3cb30601240652x675f83b0ia4c64904eefad906@mail.gmail.com> To: Howard Lebowitz Cc: HATT@yahoogroups.com In-Reply-To: <205CA9DB99DA0A42B1317BCC83E95FCCCE38BF@ex-lkm1.harlandfs.com> References: <205CA9DB99DA0A42B1317BCC83E95FCCCE38BF@ex-lkm1.harlandfs.com> X-Originating-IP: 66.249.92.202 X-eGroups-Msg-Info: 1:12:0:0 From: senderemail X-Yahoo-Profile: Sender: HATT@yahoogroups.com MIME-Version: 1.0 Mailing-List: list HATT@yahoogroups.com; contact HATT-owner@yahoogroups.com Delivered-To: mailing list HATT@yahoogroups.com List-Id: Precedence: bulk List-Unsubscribe: Date: Tue, 24 Jan 2006 09:52:01 -0500 Subject: <<<>>> Re: [HATT] RE: Q: What's Up With Madcap? (PROMO PRICING) Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-TSS-MailScanner-Information: See www.mailscanner.info for information X-TSS-MailScanner: Appears to be free of infection X-TSS-MailScanner-SpamCheck: spam, spamcop.net, SpamAssassin (score=-1.414, required 4, AWL -1.01, BAYES_00 -2.60, RCVD_IN_BL_SPAMCOP_NET 1.56, SARE_MSGID_LONG40 0.64) X-TSS-MailScanner-From: sentto-2077532-60082-1138119641-localuser=tomsawyer.com@returns.groups.yahoo .com After: Received: from n6a.bullet.dcn.yahoo.com (n6a.bullet.dcn.yahoo.com [216.155.203.226]) by unixserv0.tomsawyer.com (8.12.9/8.12.9) with SMTP id k0OK3GW1006867 for ; Tue, 24 Jan 2006 12:03:17 -0800 (PST) Comment: DomainKeys? See http://antispam.yahoo.com/domainkeys DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=lima; d=yahoogroups.com; b=FihSN52cWuzYyiKLCtL83i5/tFr2zLxV5NYDfgL70GyglzVZlNwhMv6E0o+qJ6r51wJer9/nAr YIll8vU3QSgLoFcLnLqrwEwX4b5eLIyN9SBYF59KyoFz/KkZGD++gI; Received: from [216.155.201.65] by n6.bullet.dcn.yahoo.com with NNFMP; 24 Jan 2006 20:03:11 -0000 Received: from [66.218.69.2] by t2.bullet.dcn.yahoo.com with NNFMP; 24 Jan 2006 20:03:10 -0000 Received: from [66.218.66.35] by t2.bullet.scd.yahoo.com with NNFMP; 24 Jan 2006 20:03:10 -0000 X-Yahoo-Newman-Property: groups-email X-Sender: senderemail X-Apparently-To: HATT@yahoogroups.com Received: (qmail 34688 invoked from network); 24 Jan 2006 20:03:09 -0000 Received: from unknown (66.218.66.172) by m29.grp.scd.yahoo.com with QMQP; 24 Jan 2006 20:03:09 -0000 Received: from unknown (HELO uproxy.gmail.com) (66.249.92.200) by mta4.grp.scd.yahoo.com with SMTP; 24 Jan 2006 20:03:07 -0000 Received: by uproxy.gmail.com with SMTP id m3so120564ugc for ; Tue, 24 Jan 2006 12:02:42 -0800 (PST) Received: by 10.49.88.3 with SMTP id q3mr479305nfl; Tue, 24 Jan 2006 12:02:42 -0800 (PST) Received: by 10.48.12.20 with HTTP; Tue, 24 Jan 2006 12:02:42 -0800 (PST) Message-ID: <375e3cb30601241202g747298d3w386e4c26210a4aed@mail.gmail.com> To: address0 Cc: address1, address2, HATT@yahoogroups.com In-Reply-To: <162e01c620f8$691cc830$0401a8c0@RicksPC> References: <162e01c620f8$691cc830$0401a8c0@RicksPC> X-Originating-IP: 66.249.92.200 X-eGroups-Msg-Info: 1:12:0:0 From: senderemail X-Yahoo-Profile: ##### Sender: HATT@yahoogroups.com MIME-Version: 1.0 Mailing-List: list HATT@yahoogroups.com; contact HATT-owner@yahoogroups.com Delivered-To: mailing list HATT@yahoogroups.com List-Id: Precedence: bulk List-Unsubscribe: Date: Tue, 24 Jan 2006 15:02:42 -0500 Subject: <<<>>> Re: [HATT] What happens to RoboHelp when IE 7.0 is released? Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-TSS-MailScanner-Information: See www.mailscanner.info for information X-TSS-MailScanner: Appears to be free of infection X-TSS-MailScanner-SpamCheck: spam, spamcop.net X-TSS-MailScanner-From: sentto-2077532-60089-1138132990-localuser=tomsawyer.com@returns.groups.yahoo .com Best, John From larskman at gmail.com Sat Feb 18 18:55:31 2006 From: larskman at gmail.com (fname lname) Date: Sat Feb 18 18:55:34 2006 Subject: Mail Archive Message-ID: I have the mail archive option on in mailscanner and I what to know how do I go about view the archived mail. And is there a web base ap i can use to view these archived mail. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060218/4d572104/attachment.html From MailScanner at ecs.soton.ac.uk Sat Feb 18 19:39:38 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Feb 18 19:39:49 2006 Subject: Slightly OT: switching from Postfix to Sendmail In-Reply-To: References: Message-ID: <43F777FA.2070007@ecs.soton.ac.uk> John Jolet wrote: > > > > On 2/6/06 11:19 PM, "smlists@masoncomputing.com" > wrote: > > Hi all. I've been running MailScanner/Mailwatch with Postfix on > Fedora Core (now at 4) for quite a while now, and it's been great. > However, I want to switch to Sendmail. I'm pretty sure I can find > most of the settings in MailScanner.conf, and the Fedora > system-switch-mail command should keep the rest of the system > happy. That said, I'm a Netware/Windows guy, and not what I'd call > an experienced Linux guy. > Is there anything I'm forgetting, or any gotchas I should know > about before I go ahead? > > Thanks, > > Steve > > ------------------------------------------------------------------------ > I AM an experienced linux/unix guy. This is a bit of a religios > thing, but you really don?t want to switch from postfix to > sendmail without a VERY compelling reason. ESPECIALLY if you?re > not an experienced unix guy. > > That said, when I switched from sendmail to postfix with that > command, it failed to remove sendmail from the default runlevel > start, and failed to put postfix in. just make sure the correct > mta is running. > So long as you have MTA = sendmail in MailScanner.conf, it will pick up the right one (if you are on Linux) automatically. Make sure you have done a chkconfig sendmail off chkconfig postfix off as you want to leave MailScanner to start all the required postfix/sendmail processes for you. On my own MX's I have just had to rm /etc/init.d/sendmail as while I was away one of my guys accidentally started sendmail with a service sendmail start which made it bypass MailScanner altogether. By deleting that file they have no way of "nicely" starting sendmail on its own at all, so that they are forced to use "service MailScanner start" to get it going properly. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Sat Feb 18 19:44:00 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Feb 18 19:44:09 2006 Subject: Whitelisted domain still tagged as spam In-Reply-To: <05b201c634bc$82741720$8f82160a@tomsawyer.com> References: <05b201c634bc$82741720$8f82160a@tomsawyer.com> Message-ID: <43F77900.2070405@ecs.soton.ac.uk> John Urness wrote: > Hi all, > I have a lot of email from a yahoo group that is getting tagged as spam > because spamcop has the group listed. Even if I whitelist the sending > address with the mailscanner whitelist file, it never gets whitelisted. This > works with other domains and/or email addresses that I use in the whitelist > file. > > I *do* want it to check spam lists as well as score the email using spam > assassin, but still let it through if it is whitelisted. > > Here is a sample below of a before and an after header from an individual > user on this mailing list. This is actually tagged as spam after I change > the below setting from "yes" to "no" and Mailscanner was then restarted. The > original one scores correctly as ham, yet because of spamcop, gets tagged. > Either way, it gets a spamcop hit and and is tagged. What might be wrong > with my configuration? > > >> Check SpamAssassin If On Spam List = no >> > > > Before: > Received: from n3a.bullet.dcn.yahoo.com (n3a.bullet.dcn.yahoo.com > [216.155.203.223]) > by unixserv0.tomsawyer.com (8.12.9/8.12.9) with SMTP id > k0OGKpW1005083 > for ; Tue, 24 Jan 2006 08:20:51 -0800 (PST) > Comment: DomainKeys? See http://antispam.yahoo.com/domainkeys > DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=lima; d=yahoogroups.com; > > b=qetIEaEi1xsxVujqQoZOw79i62uA2AIMh8n8/UGdA+ua/tZyl9mBc0JwqbUlJGyJJ2OkxcoiLh > 85j4TDnd4kiqV2sWgz++FVfeoWBz9O+5c97puwEOIcG8flVazD1pr5; > Received: from [216.155.201.64] by n3.bullet.dcn.yahoo.com with NNFMP; 24 > Jan 2006 16:20:42 -0000 > Received: from [66.218.69.5] by t1.bullet.dcn.yahoo.com with NNFMP; 24 Jan > 2006 16:20:41 -0000 > Received: from [66.218.66.99] by t5.bullet.scd.yahoo.com with NNFMP; 24 Jan > 2006 16:20:41 -0000 > X-Yahoo-Newman-Property: groups-email > X-Sender: senderemail > X-Apparently-To: HATT@yahoogroups.com > Received: (qmail 57516 invoked from network); 24 Jan 2006 16:20:40 -0000 > Received: from unknown (66.218.66.218) > by m34.grp.scd.yahoo.com with QMQP; 24 Jan 2006 16:20:40 -0000 > Received: from unknown (HELO uproxy.gmail.com) (66.249.92.202) > by mta3.grp.scd.yahoo.com with SMTP; 24 Jan 2006 16:20:40 -0000 > Received: by uproxy.gmail.com with SMTP id m3so365979uge > for ; Tue, 24 Jan 2006 08:20:39 -0800 (PST) > Received: by 10.48.225.3 with SMTP id x3mr443884nfg; > Tue, 24 Jan 2006 06:52:01 -0800 (PST) > Received: by 10.48.12.20 with HTTP; Tue, 24 Jan 2006 06:52:01 -0800 (PST) > Message-ID: <375e3cb30601240652x675f83b0ia4c64904eefad906@mail.gmail.com> > To: Howard Lebowitz > Cc: HATT@yahoogroups.com > In-Reply-To: <205CA9DB99DA0A42B1317BCC83E95FCCCE38BF@ex-lkm1.harlandfs.com> > References: <205CA9DB99DA0A42B1317BCC83E95FCCCE38BF@ex-lkm1.harlandfs.com> > X-Originating-IP: 66.249.92.202 > X-eGroups-Msg-Info: 1:12:0:0 > From: senderemail > X-Yahoo-Profile: > Sender: HATT@yahoogroups.com > MIME-Version: 1.0 > Mailing-List: list HATT@yahoogroups.com; contact HATT-owner@yahoogroups.com > Delivered-To: mailing list HATT@yahoogroups.com > List-Id: > Precedence: bulk > List-Unsubscribe: > Date: Tue, 24 Jan 2006 09:52:01 -0500 > Subject: <<<>>> Re: [HATT] RE: Q: What's Up With Madcap? > (PROMO PRICING) > Content-Type: text/plain; charset=ISO-8859-1 > Content-Transfer-Encoding: 7bit > X-TSS-MailScanner-Information: See www.mailscanner.info for information > X-TSS-MailScanner: Appears to be free of infection > X-TSS-MailScanner-SpamCheck: spam, spamcop.net, SpamAssassin (score=-1.414, > required 4, AWL -1.01, BAYES_00 -2.60, RCVD_IN_BL_SPAMCOP_NET 1.56, > SARE_MSGID_LONG40 0.64) > X-TSS-MailScanner-From: > sentto-2077532-60082-1138119641-localuser=tomsawyer.com@returns.groups.yahoo > .com > This is the relevant address that you need to whitelist. Perhaps just whitelist the whole of returns.groups.yahoo.com. You could move the whitelist to Spam Checks = instead of Is Definitely Not Spam = as that will stop it doing any spam checks at all. > > > > After: > Received: from n6a.bullet.dcn.yahoo.com (n6a.bullet.dcn.yahoo.com > [216.155.203.226]) > by unixserv0.tomsawyer.com (8.12.9/8.12.9) with SMTP id > k0OK3GW1006867 > for ; Tue, 24 Jan 2006 12:03:17 -0800 (PST) > Comment: DomainKeys? See http://antispam.yahoo.com/domainkeys > DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=lima; d=yahoogroups.com; > > b=FihSN52cWuzYyiKLCtL83i5/tFr2zLxV5NYDfgL70GyglzVZlNwhMv6E0o+qJ6r51wJer9/nAr > YIll8vU3QSgLoFcLnLqrwEwX4b5eLIyN9SBYF59KyoFz/KkZGD++gI; > Received: from [216.155.201.65] by n6.bullet.dcn.yahoo.com with NNFMP; 24 > Jan 2006 20:03:11 -0000 > Received: from [66.218.69.2] by t2.bullet.dcn.yahoo.com with NNFMP; 24 Jan > 2006 20:03:10 -0000 > Received: from [66.218.66.35] by t2.bullet.scd.yahoo.com with NNFMP; 24 Jan > 2006 20:03:10 -0000 > X-Yahoo-Newman-Property: groups-email > X-Sender: senderemail > X-Apparently-To: HATT@yahoogroups.com > Received: (qmail 34688 invoked from network); 24 Jan 2006 20:03:09 -0000 > Received: from unknown (66.218.66.172) > by m29.grp.scd.yahoo.com with QMQP; 24 Jan 2006 20:03:09 -0000 > Received: from unknown (HELO uproxy.gmail.com) (66.249.92.200) > by mta4.grp.scd.yahoo.com with SMTP; 24 Jan 2006 20:03:07 -0000 > Received: by uproxy.gmail.com with SMTP id m3so120564ugc > for ; Tue, 24 Jan 2006 12:02:42 -0800 (PST) > Received: by 10.49.88.3 with SMTP id q3mr479305nfl; > Tue, 24 Jan 2006 12:02:42 -0800 (PST) > Received: by 10.48.12.20 with HTTP; Tue, 24 Jan 2006 12:02:42 -0800 (PST) > Message-ID: <375e3cb30601241202g747298d3w386e4c26210a4aed@mail.gmail.com> > To: address0 > Cc: address1, address2, HATT@yahoogroups.com > In-Reply-To: <162e01c620f8$691cc830$0401a8c0@RicksPC> > References: > <162e01c620f8$691cc830$0401a8c0@RicksPC> > X-Originating-IP: 66.249.92.200 > X-eGroups-Msg-Info: 1:12:0:0 > From: senderemail > X-Yahoo-Profile: ##### > Sender: HATT@yahoogroups.com > MIME-Version: 1.0 > Mailing-List: list HATT@yahoogroups.com; contact HATT-owner@yahoogroups.com > Delivered-To: mailing list HATT@yahoogroups.com > List-Id: > Precedence: bulk > List-Unsubscribe: > Date: Tue, 24 Jan 2006 15:02:42 -0500 > Subject: <<<>>> Re: [HATT] What happens to RoboHelp when IE > 7.0 is released? > Content-Type: text/plain; charset=ISO-8859-1 > Content-Transfer-Encoding: 7bit > X-TSS-MailScanner-Information: See www.mailscanner.info for information > X-TSS-MailScanner: Appears to be free of infection > X-TSS-MailScanner-SpamCheck: spam, spamcop.net > X-TSS-MailScanner-From: > sentto-2077532-60089-1138132990-localuser=tomsawyer.com@returns.groups.yahoo > .com > > Best, > > John > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Sat Feb 18 19:46:08 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Feb 18 19:46:17 2006 Subject: Mail Archive In-Reply-To: References: Message-ID: <43F77980.30603@ecs.soton.ac.uk> fname lname wrote: > I have the mail archive option on in mailscanner and I what to know > how do I go about view the archived mail. And is there a web base ap > i can use to view these archived mail. The archive mail will by default go into /var/spool/MailScanner/archive. The files will normally be raw queue files. With sendmail you can just look at the text in the files, similarly with Exim. With Postfix you will need to use postcat on the queue files stored in there. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From shrek-m at gmx.de Sat Feb 18 19:59:30 2006 From: shrek-m at gmx.de (shrek-m@gmx.de) Date: Sat Feb 18 19:59:34 2006 Subject: Slightly OT: switching from Postfix to Sendmail In-Reply-To: References: Message-ID: <43F77CA2.7010806@gmx.de> On 18.02.2006 19:41, John Jolet wrote: > That said, when I switched from sendmail to postfix with that > command, it failed to remove sendmail from the default runlevel start, > afair you can switch between sendmail, postfix, exim , ...without problems # alternatives --config mta > and failed to put postfix in. just make sure the correct mta is > running. > afaik you have to disable the mta at least with sendmail (i have no experiences with postfix and ms) # chkconfig sendmail --list # chkconfig sendmail off # service sendmail stop the default MailScanner.conf is ok out of the box with sendmail. check your MailScanner.conf eg. fc3 ms + sendmail -------- Run As User = Run As Group = MTA = sendmail Sendmail = /usr/sbin/sendmail Sendmail2 = /usr/sbin/sendmail ... -------- # service MailScanner restart and check if all is ok -- shrek-m From larskman at gmail.com Sat Feb 18 21:28:38 2006 From: larskman at gmail.com (fname lname) Date: Sat Feb 18 21:28:45 2006 Subject: Mail Archive In-Reply-To: <43F77980.30603@ecs.soton.ac.uk> References: <43F77980.30603@ecs.soton.ac.uk> Message-ID: Is there way to process the raw file to make it viewable? On 2/18/06, Julian Field wrote: > > fname lname wrote: > > I have the mail archive option on in mailscanner and I what to know > > how do I go about view the archived mail. And is there a web base ap > > i can use to view these archived mail. > The archive mail will by default go into /var/spool/MailScanner/archive. > The files will normally be raw queue files. With sendmail you can just > look at the text in the files, similarly with Exim. With Postfix you > will need to use postcat on the queue files stored in there. > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060218/a4e6af9e/attachment.html From MailScanner at ecs.soton.ac.uk Sat Feb 18 23:09:31 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Feb 18 23:09:40 2006 Subject: Mail Archive In-Reply-To: References: <43F77980.30603@ecs.soton.ac.uk> Message-ID: <43F7A92B.4000608@ecs.soton.ac.uk> fname lname wrote: > Is there way to process the raw file to make it viewable? Quarantine As Raw Queue Files = no > > On 2/18/06, *Julian Field* > wrote: > > fname lname wrote: > > I have the mail archive option on in mailscanner and I what to know > > how do I go about view the archived mail. And is there a web > base ap > > i can use to view these archived mail. > The archive mail will by default go into > /var/spool/MailScanner/archive. > The files will normally be raw queue files. With sendmail you can > just > look at the text in the files, similarly with Exim. With Postfix you > will need to use postcat on the queue files stored in there. > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Professional Support Services at www.MailScanner.biz > > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Sat Feb 18 23:12:58 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Sat Feb 18 23:13:05 2006 Subject: Slightly OT: switching from Postfix to Sendmail In-Reply-To: <43F777FA.2070007@ecs.soton.ac.uk> References: <43F777FA.2070007@ecs.soton.ac.uk> Message-ID: <223f97700602181512r33c8cbf4j@mail.gmail.com> On 18/02/06, Julian Field wrote: (snip) > On my own MX's I have just had to > rm /etc/init.d/sendmail > as while I was away one of my guys accidentally started sendmail with a > service sendmail start which made it bypass MailScanner altogether. By > deleting that file they have no way of "nicely" starting sendmail on its > own at all, so that they are forced to use "service MailScanner start" > to get it going properly. Trick them further with an ln -s /etc/init.d/MailScanner /etc/init.d/sendmail and the bozos will be "disarmed" completely:-). Welcome back from the vacation! I thought we wouldn't hear from you until after the weekend... -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From shrek-m at gmx.de Sun Feb 19 00:28:20 2006 From: shrek-m at gmx.de (shrek-m@gmx.de) Date: Sun Feb 19 00:28:23 2006 Subject: Slightly OT: switching from Postfix to Sendmail In-Reply-To: <223f97700602181512r33c8cbf4j@mail.gmail.com> References: <43F777FA.2070007@ecs.soton.ac.uk> <223f97700602181512r33c8cbf4j@mail.gmail.com> Message-ID: <43F7BBA4.4030902@gmx.de> On 19.02.2006 00:12, Glenn Steen wrote: >Trick them further with an >ln -s /etc/init.d/MailScanner /etc/init.d/sendmail >and the bozos will be "disarmed" completely:-) > good luck. i hope that nobody get this box from you without a good documentation or you are surprised after the next update. # mv /etc/init.d/sendmail /etc/init.d/sendmail-orig # ln -s /etc/init.d/MailScanner /etc/init.d/sendmail # rpm -Uvh --replacepkgs ftp://download.fedora.redhat.com/pub/fedora/linux/core/3/i386/os/Fedora/RPMS/sendmail-8.13.1-2.i386.rpm Preparing... ########################################### [100%] 1:sendmail Warnung: /etc/rc.d/init.d/sendmail saved as /etc/rc.d/init.d/sendmail.rpmsave ########################################### [100%] # ll /etc/init.d/sendmail -rwxr-xr-x 1 root root 3348 1. Sep 2004 /etc/init.d/sendmail # ll /etc/init.d/sendmail.rpmsave lrwxrwxrwx 1 root root 23 19. Feb 01:10 /etc/init.d/sendmail.rpmsave -> /etc/init.d/MailScanner -- shrek-m From glenn.steen at gmail.com Sun Feb 19 01:00:44 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Sun Feb 19 01:00:48 2006 Subject: Slightly OT: switching from Postfix to Sendmail In-Reply-To: <43F7BBA4.4030902@gmx.de> References: <43F777FA.2070007@ecs.soton.ac.uk> <223f97700602181512r33c8cbf4j@mail.gmail.com> <43F7BBA4.4030902@gmx.de> Message-ID: <223f97700602181700m50663875j@mail.gmail.com> On 19/02/06, shrek-m@gmx.de wrote: > On 19.02.2006 00:12, Glenn Steen wrote: > > >Trick them further with an > >ln -s /etc/init.d/MailScanner /etc/init.d/sendmail > >and the bozos will be "disarmed" completely:-) > > > > good luck. > i hope that nobody get this box from you without a good documentation > or you are surprised after the next update. > > > # mv /etc/init.d/sendmail /etc/init.d/sendmail-orig > # ln -s /etc/init.d/MailScanner /etc/init.d/sendmail > > # rpm -Uvh --replacepkgs > ftp://download.fedora.redhat.com/pub/fedora/linux/core/3/i386/os/Fedora/RPMS/sendmail-8.13.1-2.i386.rpm > Preparing... ########################################### > [100%] > 1:sendmail Warnung: /etc/rc.d/init.d/sendmail saved as > /etc/rc.d/init.d/sendmail.rpmsave > ########################################### [100%] > > # ll /etc/init.d/sendmail > -rwxr-xr-x 1 root root 3348 1. Sep 2004 /etc/init.d/sendmail > > # ll /etc/init.d/sendmail.rpmsave > lrwxrwxrwx 1 root root 23 19. Feb 01:10 /etc/init.d/sendmail.rpmsave -> > /etc/init.d/MailScanner > Yes? So what?! You don't have your personal fix-script that takes care of these things? Jeez... -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From alex at nkpanama.com Sun Feb 19 02:28:21 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Sun Feb 19 02:28:35 2006 Subject: Mail Archive In-Reply-To: <43F77980.30603@ecs.soton.ac.uk> References: <43F77980.30603@ecs.soton.ac.uk> Message-ID: <43F7D7C5.9040501@nkpanama.com> Or send them using rulesets to separate mbox files, and then read them with IMAP or any standards-based mail program. Julian Field wrote: > fname lname wrote: >> I have the mail archive option on in mailscanner and I what to know >> how do I go about view the archived mail. And is there a web base ap >> i can use to view these archived mail. > The archive mail will by default go into > /var/spool/MailScanner/archive. The files will normally be raw queue > files. With sendmail you can just look at the text in the files, > similarly with Exim. With Postfix you will need to use postcat on the > queue files stored in there. > -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ From ugob at camo-route.com Sun Feb 19 05:00:21 2006 From: ugob at camo-route.com (Ugo Bellavance) Date: Sun Feb 19 05:00:42 2006 Subject: dccfid performance improvement? In-Reply-To: <43CD2142.5090809@evi-inc.com> References: <028e01c61b03$432cd020$2f01a8c0@Fajar> <43CD2142.5090809@evi-inc.com> Message-ID: Matt Kettler wrote: > Ugo Bellavance wrote: >> Fajar wrote: >> >>> One of the suggestion to tune mailscanner by using dccfid, i'm already >>> setup the dcc, and from spamasassin --list seems the dcc workingfine, i >>> saw some connection made from my computer to some host with destination >>> port 6277. >> >> Ok, how is that related to the subject of your post? > > Because dccifd is the other way of handling DCC. Fajar is apparently pointing > out DCC is currently working. > > I assume that the subject implies that Fajar is wondering what benefit there is > to adding dccifd, over just plain dcc (which uses dccproc). > > Fajar, there's some modest improvement to enabling dccifd. Normally to do a DCC > lookup SpamAssassin invokes dccproc as a new process. However, if dccifd is > running, it will simply pass the message off to dccifd over a socket, without > having to create a new process. > > I would say the speed gains are marginal, but then again it doesn't really cost > you anything other than a little ram. (My dccifd has a RSS of 1368 K) > > If you run spamassassin --lint -D the debug output will let you see SA checking > for the dccifd socket, and see if it used dccifd or dccproc. Then one should read this: http://tinyurl.com/98txh It contains the explanation from Vernon, DCC's author. > > > -- Ugo -> Please don't send a copy of your reply by e-mail. I read the list. -> Please avoid top-posting, long signatures and HTML, and cut the irrelevant parts in your replies. From ugob at camo-route.com Sun Feb 19 05:01:48 2006 From: ugob at camo-route.com (Ugo Bellavance) Date: Sun Feb 19 05:11:44 2006 Subject: dccfid performance improvement? In-Reply-To: <056001c61b43$6f88c170$2f01a8c0@Fajar> References: <028e01c61b03$432cd020$2f01a8c0@Fajar> <625385e30601170032ieda71b0nccb96096de28e7ef@mail.gmail.com> <056001c61b43$6f88c170$2f01a8c0@Fajar> Message-ID: Fajar wrote: > it seems dccifd running fine, the now mailscanner almost instanly > scanning the message, dunno if this because of the dcc or not. But > thanks. Sorry for bad subject, wrong subject :D Hmmm, I think that is the answer you're looking for: SpamAssassin will use DCCifd if it finds it. If not, it will use dccproc. It won't use both as they do the same job. -- Ugo -> Please don't send a copy of your reply by e-mail. I read the list. -> Please avoid top-posting, long signatures and HTML, and cut the irrelevant parts in your replies. From dmehler26 at woh.rr.com Sun Feb 19 08:14:03 2006 From: dmehler26 at woh.rr.com (Dave) Date: Sun Feb 19 08:23:03 2006 Subject: global list converting to per-domain list References: Message-ID: <000b01c6352c$728f60b0$0200a8c0@satellite> Hello, A MailScanner setup had global spam whitelist and blacklist rules files. I added per-domain whitelist and blacklist capabilities, now i'd like to take what was the original global files and make them in to the new default files that go in the spam.bydomain blacklist and whitelist areas. Do i just remove the from: and the yes and leave the email address? Is that all that is required or do i have to do something else? Thanks. Dave. From shrek-m at gmx.de Sun Feb 19 10:33:56 2006 From: shrek-m at gmx.de (shrek-m@gmx.de) Date: Sun Feb 19 10:34:05 2006 Subject: Slightly OT: switching from Postfix to Sendmail In-Reply-To: <223f97700602181700m50663875j@mail.gmail.com> References: <43F777FA.2070007@ecs.soton.ac.uk> <223f97700602181512r33c8cbf4j@mail.gmail.com> <43F7BBA4.4030902@gmx.de> <223f97700602181700m50663875j@mail.gmail.com> Message-ID: <43F84994.4090808@gmx.de> On 19.02.2006 02:00, Glenn Steen wrote: >Yes? So what?! >You don't have your personal fix-script that takes care of these things? >Jeez... > i do not know why i should create such a symlink sendmail is sendmail and mailscanner is mailscanner. the admin(s) of the mailscanner box should know the difference. -- shrek-m From glenn.steen at gmail.com Sun Feb 19 11:17:51 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Sun Feb 19 11:17:56 2006 Subject: Slightly OT: switching from Postfix to Sendmail In-Reply-To: <43F84994.4090808@gmx.de> References: <43F777FA.2070007@ecs.soton.ac.uk> <223f97700602181512r33c8cbf4j@mail.gmail.com> <43F7BBA4.4030902@gmx.de> <223f97700602181700m50663875j@mail.gmail.com> <43F84994.4090808@gmx.de> Message-ID: <223f97700602190317o203fc3b1t@mail.gmail.com> On 19/02/06, shrek-m@gmx.de wrote: > On 19.02.2006 02:00, Glenn Steen wrote: > > >Yes? So what?! > >You don't have your personal fix-sc'dript that takes care of these things? > >Jeez... > > > > i do not know why i should create such a symlink > sendmail is sendmail and mailscanner is mailscanner. > > the admin(s) of the mailscanner box should know the difference. > Of course. But sometimes (for."political reasons .... like the PHB, with thumb firmly in the middle of the hand, "needing" admin rights...) will present ... "problems" of the kind Julian details. My "advice" is more a joke (on the "admin") than anything... Sure, it'd work, with a little attention to details... But in a perfect world, one wouldn't need any obfuscations at all:). I do agree, IF one does such a thing, one need document it prominently (the bozos you create it for doesn't read docs, so that'd be no issue as to the "effectiveness":-). Or you "solve" this with a LART. That has the added bonus of blowing off some steam, so perhaps that is the best way:-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From ugob at camo-route.com Sun Feb 19 12:38:00 2006 From: ugob at camo-route.com (Ugo Bellavance) Date: Sun Feb 19 12:38:26 2006 Subject: Comments on 4.50.15 Message-ID: Hi, I just installed MS 4.50.15 on a CentOS 4 fresh install. I found a few things: - Even though in MailScanner.conf, it says posix is the default for sendmail, here is what I get in the logs: Feb 19 07:22:45 server MailScanner[27854]: Using locktype = flock I changed it manually to posix. -- Ugo -> Please don't send a copy of your reply by e-mail. I read the list. -> Please avoid top-posting, long signatures and HTML, and cut the irrelevant parts in your replies. From MailScanner at ecs.soton.ac.uk Sun Feb 19 12:41:42 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Feb 19 12:41:51 2006 Subject: Slightly OT: switching from Postfix to Sendmail In-Reply-To: <223f97700602181512r33c8cbf4j@mail.gmail.com> References: <43F777FA.2070007@ecs.soton.ac.uk> <223f97700602181512r33c8cbf4j@mail.gmail.com> Message-ID: <43F86786.3040601@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Glenn Steen wrote: > On 18/02/06, Julian Field wrote: > (snip) > >> On my own MX's I have just had to >> rm /etc/init.d/sendmail >> as while I was away one of my guys accidentally started sendmail with a >> service sendmail start which made it bypass MailScanner altogether. By >> deleting that file they have no way of "nicely" starting sendmail on its >> own at all, so that they are forced to use "service MailScanner start" >> to get it going properly. >> > Trick them further with an > ln -s /etc/init.d/MailScanner /etc/init.d/sendmail > and the bozos will be "disarmed" completely:-). > Welcome back from the vacation! I thought we wouldn't hear from you > until after the weekend... > It was a lovely break from everything. I took my OQO (www.oqo.com) and only switched it on to archive my photos. Only 1 work call I needed to deal with, and no MailScanner work at all. Wonderful! As for this weekend, I always prefer to catch up on most of my outstanding mail before I go back to work. The first day or 2 back from holiday is bad enough, without 3000 messages waiting to be read too. So I catch up first in the undisturbed surroundings of home. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQA/AwUBQ/hnhhH2WUcUFbZUEQKrSQCdFAWqiI0vRY+BnwPSGzTg8f+CywwAoOGJ lmNeO/EwxdQur/kRkiYjy3e6 =i659 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mrm at medicine.wisc.edu Sun Feb 19 21:11:04 2006 From: mrm at medicine.wisc.edu (Michael Masse) Date: Sun Feb 19 21:11:36 2006 Subject: help with --lint errors Message-ID: I'm having a hard time trying to get a rules file to work with high scoring spam actions. MS is at 4.50.14 in the MailScanner.conf file the relevant line is: High Scoring Spam Actions = %rules-dir%/highscoringspam.rules Here's the highscoringspam.rules file: To: abc@abc.com forward foo@bar.com To: def@abc.com forward foo@bar.com FromOrTo: default deliver header "X-Spam-Status: Yes" header "X-Spam-Flag: Yes" The default action is working fine, but the first two conditionals do not. If I run: MailScanner --lint highscoringspam.rules I get: Error in line 2 of highscoringspam.rules, line does not make sense. Error in line 3 of highscoringspam.rules, line does not make sense. Can't continue processing configuration file until these errors have been corrected. at /usr/lib/MailScanner/MailScanner/Config.pm line 1640 I can swap line 1 and 2 and it always says there's a problem with line 2 and 3. I don't know why it says there's a problem with line 3, because the default action is working. Is --lint the proper way to check rule files? What am I missing so that if high scoring spam is being sent to either abc or def it gets forwarded to foo@bar.com with every other high scoring spam just getting delivered with the appropriate header additions? Are there any whitespace issues I need to be aware of? Mike From alex at nkpanama.com Sun Feb 19 21:40:19 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Sun Feb 19 21:40:32 2006 Subject: help with --lint errors In-Reply-To: References: Message-ID: <43F8E5C3.50907@nkpanama.com> Can you try separating with tabs instead of spaces? Are you editing with Unix-style LF's, or a Windows-based (CRLF) editor? Don't know if it affects it or not, but those are the first two things I'd try. Michael Masse wrote: > Here's the highscoringspam.rules file: > To: abc@abc.com forward foo@bar.com > To: def@abc.com forward foo@bar.com > FromOrTo: default deliver header "X-Spam-Status: Yes" header "X-Spam-Flag: Yes" > > -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ From drolland at kdinet.com Sun Feb 19 21:45:10 2006 From: drolland at kdinet.com (Diane Rolland) Date: Sun Feb 19 21:45:16 2006 Subject: Upgrading from 4.37 (I know, I know, it's OLD) In-Reply-To: <43DA91F8.6080809@ecs.soton.ac.uk> Message-ID: <000001c6359d$c3b84990$6500a8c0@kdinet.local> Julian Field wrote: > Diane Rolland wrote: >> I want to upgrade my older MailScanner version to (probably) the >> latest stable. >> > New stable version due out on the 1st of Feb, wait until then as you > really do want the new features in 4.50. >> >> I would be using the rpm installation for RedHat. So, normally, I'm >> comfortable with that type of upgrade. >> >> My concern is that since my version is SO old, is there anything I >> need to look out for in upgrading to the latest? I'm using pretty >> standard rulesets (whitelist, blacklist, archive, non.spam.actions). >> > Don't forget about running upgrade_languages_conf and > upgrade_MailScanner_conf. > > Once you have 4.50 installed, you can run MailScanner --lint to > syntax check your configuration. > OK; after being on another project for a couple weeks, I'm back to attempt this upgrade. I have the latest version 4.50.15-1. I am just a bit confused on manually editing the .rpmnew files and running the upgrade_mailcanner_conf and upgrade_language_conf. I've manually edited the .rpmnew files to include my custom configs. I then renamed the .rpmnew files to the regular file names. When I got to run the upgrade script, I'm getting: Usage: RPM === If you are using the RPM distributions then try this: cd /etc/MailScanner upgrade_MailScanner_conf MailScanner.conf MailScanner.conf.rpmnew > MailScanner.new mv -f MailScanner.conf MailScanner.old mv -f MailScanner.new MailScanner.conf TAR === If you are using the tar distribution so that the old version is in /opt/MailScanner and the new one is in /opt/MailScanner.new then: cd /opt/MailScanner.new/etc ../bin/upgrade_MailScanner_conf /opt/MailScanner/etc/MailScanner.conf /opt/MailScanner.new/etc/MailScanner.conf > MailScanner.new mv -f MailScanner.conf MailScanner.old mv -f MailScanner.new MailScanner.conf NOTE ==== To keep your old comments in your original file, add "--keep-comments" to the command line. Note that this will mean you don't get to find out any extra new values you might be able to use in existing "improved" Configuration options. So, I'm not sure where I need to be right now; I think I've screwed it up somewhere... Any help would be appreciated!!!! Thanks, Diane From itdept at fractalweb.com Sun Feb 19 21:46:14 2006 From: itdept at fractalweb.com (Chris Yuzik) Date: Sun Feb 19 21:46:19 2006 Subject: Building new server - best practice? Message-ID: <43F8E726.7050206@fractalweb.com> Hey everyone, I'm building a new server and plan on having: * spamassassin (obviously) * clamav * razor * dcc What am I missing? What are the "must-have"s? Thanks From ugob at camo-route.com Sun Feb 19 21:59:25 2006 From: ugob at camo-route.com (Ugo Bellavance) Date: Sun Feb 19 21:59:39 2006 Subject: Building new server - best practice? In-Reply-To: <43F8E726.7050206@fractalweb.com> References: <43F8E726.7050206@fractalweb.com> Message-ID: Chris Yuzik wrote: > Hey everyone, > > I'm building a new server and plan on having: > * spamassassin (obviously) > * clamav > * razor > * dcc > > What am I missing? What are the "must-have"s? > > Thanks > > http://wiki.mailscanner.info/doku.php?id=maq:index -- Ugo -> Please don't send a copy of your reply by e-mail. I read the list. -> Please avoid top-posting, long signatures and HTML, and cut the irrelevant parts in your replies. From alex at nkpanama.com Sun Feb 19 22:03:35 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Sun Feb 19 22:03:59 2006 Subject: Building new server - best practice? In-Reply-To: <43F8E726.7050206@fractalweb.com> References: <43F8E726.7050206@fractalweb.com> Message-ID: <43F8EB37.9040206@nkpanama.com> * Choice of MTA (I usually go with Sendmail) * Choice of POP3/IMAP (I usually go with dovecot) * If MTA = Sendmail, what milters (SPF, clamav, DomainKeys, greylisting) * Pyzor * F-Prot? BitDefender? * Archiving * Rules Du Jour? * etc. Chris Yuzik wrote: > Hey everyone, > > I'm building a new server and plan on having: > * spamassassin (obviously) > * clamav > * razor > * dcc > > What am I missing? What are the "must-have"s? > > Thanks > > -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ From shuttlebox at gmail.com Sun Feb 19 22:04:00 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Sun Feb 19 22:04:03 2006 Subject: Upgrading from 4.37 (I know, I know, it's OLD) In-Reply-To: <000001c6359d$c3b84990$6500a8c0@kdinet.local> References: <43DA91F8.6080809@ecs.soton.ac.uk> <000001c6359d$c3b84990$6500a8c0@kdinet.local> Message-ID: <625385e30602191404k5d363d23ta0ff17c389e865f1@mail.gmail.com> On 2/19/06, Diane Rolland wrote: > > I am just a bit confused on manually editing the .rpmnew files and running > the upgrade_mailcanner_conf and upgrade_language_conf. > > I've manually edited the .rpmnew files to include my custom configs. I > then > renamed the .rpmnew files to the regular file names. > > When I got to run the upgrade script, I'm getting: > Usage: > > RPM > === > If you are using the RPM distributions then try this: > > cd /etc/MailScanner > upgrade_MailScanner_conf MailScanner.conf MailScanner.conf.rpmnew > > MailScanner.new > mv -f MailScanner.conf MailScanner.old > mv -f MailScanner.new MailScanner.conf > You shouldn't edit the rpmnew files. Just follow the instructions above and MailScanner.conf will be updated with the new options and old options will have your previous values. I use the diff command for the other files, like filename.rules.conf and filetype.rules.conf. -- /peter -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060219/6e356cec/attachment.html From john at jolet.net Sun Feb 19 22:11:36 2006 From: john at jolet.net (John Jolet) Date: Sun Feb 19 22:11:25 2006 Subject: Building new server - best practice? In-Reply-To: <43F8E726.7050206@fractalweb.com> References: <43F8E726.7050206@fractalweb.com> Message-ID: On Feb 19, 2006, at 3:46 PM, Chris Yuzik wrote: > Hey everyone, > > I'm building a new server and plan on having: > * spamassassin (obviously) > * clamav > * razor > * dcc > > What am I missing? What are the "must-have"s? > an mta? :) > Thanks > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From itdept at fractalweb.com Mon Feb 20 04:03:41 2006 From: itdept at fractalweb.com (Chris Yuzik) Date: Mon Feb 20 04:03:40 2006 Subject: Building new server - best practice? In-Reply-To: <43F8EB37.9040206@nkpanama.com> References: <43F8E726.7050206@fractalweb.com> <43F8EB37.9040206@nkpanama.com> Message-ID: <43F93F9D.1050206@fractalweb.com> Hi Alex, Alex Neuman van der Hans wrote: > * Choice of MTA (I usually go with Sendmail) I have decided to go with Sendmail. > * Choice of POP3/IMAP (I usually go with dovecot) Dovecot is up and running. :-) > * If MTA = Sendmail, what milters (SPF, clamav, DomainKeys, greylisting) Other than clam, I'm not familiar with these. Any idea where I can read up on them? > * Pyzor Last update to Pyzor was apparently in 2002. Is it still relevant? > * F-Prot? BitDefender? Going with Clamav and Bitdefender, I think. > * Archiving > * Rules Du Jour? What's the consensus as to which ones are must-have rules? Thanks, Chris From rob_27_preston at yahoo.co.uk Mon Feb 20 08:03:14 2006 From: rob_27_preston at yahoo.co.uk (Robert Davison) Date: Mon Feb 20 08:03:15 2006 Subject: Cron Hourly Message-ID: <20060220080314.32291.qmail@web25013.mail.ukl.yahoo.com> I've recently installed MailScanner on a CentoOS 4.2 base. I'm getting the following message from my cron.hourly /etc/cron.hourly/check_MailScanner: MailScanner manually shut down (/var/lock/subsys/MailScanner.off file exists). Not restarting. Can someone please explain whats going on here as my root mailbox is filling with this messge every hour. Thanks Rob --------------------------------- To help you stay safe and secure online, we've developed the all new Yahoo! Security Centre. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060220/b03f2e9d/attachment.html From glenn.steen at gmail.com Mon Feb 20 09:04:43 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Feb 20 09:04:46 2006 Subject: Cron Hourly In-Reply-To: <20060220080314.32291.qmail@web25013.mail.ukl.yahoo.com> References: <20060220080314.32291.qmail@web25013.mail.ukl.yahoo.com> Message-ID: <223f97700602200104x1ca0f4b0x@mail.gmail.com> On 20/02/06, Robert Davison wrote: > I've recently installed MailScanner on a CentoOS 4.2 base. I'm getting the > following message from my cron.hourly > /etc/cron.hourly/check_MailScanner: MailScanner manually > shut down (/var/lock/subsys/MailScanner.off file exists). > Not restarting. > Can someone please explain whats going on here as my root mailbox is filling > with this messge every hour. > Thanks > Rob That is a "signal file" from the init script to tell the cron-job that there is a need to run... Or rather no need. It is created by sunning "service MailScanner stop" and removed by running "service MailScanner start" ... I'm guessing your run the former, the used manual measures to start everything up(?)... If you do "service MailScanner restart" everything should be cleared up. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Mon Feb 20 09:07:31 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Feb 20 09:07:34 2006 Subject: Cron Hourly In-Reply-To: <223f97700602200104x1ca0f4b0x@mail.gmail.com> References: <20060220080314.32291.qmail@web25013.mail.ukl.yahoo.com> <223f97700602200104x1ca0f4b0x@mail.gmail.com> Message-ID: <223f97700602200107i28e64866q@mail.gmail.com> On 20/02/06, Glenn Steen wrote: > On 20/02/06, Robert Davison wrote: > > I've recently installed MailScanner on a CentoOS 4.2 base. I'm getting the > > following message from my cron.hourly > > /etc/cron.hourly/check_MailScanner: MailScanner manually > > shut down (/var/lock/subsys/MailScanner.off file exists). > > Not restarting. > > Can someone please explain whats going on here as my root mailbox is filling > > with this messge every hour. > > Thanks > > Rob > > That is a "signal file" from the init script to tell the cron-job that > there is a need to run... Or rather no need. > It is created by sunning "service MailScanner stop" and removed by > running "service MailScanner start" ... I'm guessing your run the > former, the used manual measures to start everything up(?)... If you > do "service MailScanner restart" everything should be cleared up. > "sunning" -> "running" "I'm guessing your run the former, the ..." -> "I'm guessing you've run the former, then ..." Yet another such day... -- -- Glenn (a.k.a. Le Grand Typo) email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From rob_27_preston at yahoo.co.uk Mon Feb 20 09:44:56 2006 From: rob_27_preston at yahoo.co.uk (Robert Davison) Date: Mon Feb 20 09:44:58 2006 Subject: Cron Hourly In-Reply-To: <223f97700602200107i28e64866q@mail.gmail.com> Message-ID: <20060220094456.17303.qmail@web25004.mail.ukl.yahoo.com> The odd thing is that im not shutting it down manually. MailScanner is running constantly and I'm still gettting these messages every hour. Glenn Steen wrote: On 20/02/06, Glenn Steen wrote: > On 20/02/06, Robert Davison wrote: > > I've recently installed MailScanner on a CentoOS 4.2 base. I'm getting the > > following message from my cron.hourly > > /etc/cron.hourly/check_MailScanner: MailScanner manually > > shut down (/var/lock/subsys/MailScanner.off file exists). > > Not restarting. > > Can someone please explain whats going on here as my root mailbox is filling > > with this messge every hour. > > Thanks > > Rob > > That is a "signal file" from the init script to tell the cron-job that > there is a need to run... Or rather no need. > It is created by sunning "service MailScanner stop" and removed by > running "service MailScanner start" ... I'm guessing your run the > former, the used manual measures to start everything up(?)... If you > do "service MailScanner restart" everything should be cleared up. > "sunning" -> "running" "I'm guessing your run the former, the ..." -> "I'm guessing you've run the former, then ..." Yet another such day... -- -- Glenn (a.k.a. Le Grand Typo) email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! --------------------------------- Yahoo! Photos ? NEW, now offering a quality print service from just 8p a photo. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060220/94708138/attachment.html From martinh at solid-state-logic.com Mon Feb 20 09:52:58 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Mon Feb 20 09:53:41 2006 Subject: More 4.50.15 woes on FreeBSD - Update In-Reply-To: <43F37099.3070202@tulsaconnect.com> Message-ID: <027801c63603$6fddda90$3004010a@martinhlaptop> Mike Jules is back from holidays/vacation/whateveryoucallit, so hopefully he'll be able to help out with this. I do have a small comment, that usually the 'run as user' and 'run as group' need setting when using Exim as Exim usually runs as a non-root userid. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of TCIS List Acct > Sent: 15 February 2006 18:19 > To: MailScanner discussion > Subject: Re: More 4.50.15 woes on FreeBSD - Update > > > > Koopmann, Jan-Peter wrote: > > > You have? Installed _everything_ with ports that is? All I can tell you > > is that I had a very similar problem with 4.49 until I decided to > > portupgrade all vital ports that my MailScanner port depends on, mainly > > all p5- ports. And the problem vanished immediatly! > > > > So let me ask you again: Have you tried a clean install, made sure you > > got rid of all manually installed perl modules etc. and setup everyting > > with ports only? > > JP, > > I installed everything with ports this morning, including SpamAssassin: > > Feb 15 07:55 p5-Archive-Zip-1.16 > Feb 15 07:55 p5-Compress-Zlib-1.41 > Feb 15 08:07 p5-Convert-BinHex-1.119 > Feb 15 08:07 p5-Convert-TNEF-0.17 > Feb 15 08:07 p5-DBD-SQLite-1.11_1 > Feb 15 08:07 p5-DBI-1.50 > Feb 15 07:54 p5-ExtUtils-MakeMaker-6.30_1 > Feb 15 07:55 p5-File-Temp-0.16_3 > Feb 15 07:54 p5-Getopt-Long-2.35 > Feb 15 08:13 p5-HTML-Parser-3.49_2 > Feb 15 08:08 p5-HTML-Tagset-3.10 > Feb 15 08:07 p5-IO-stringy-2.110 > Feb 15 08:07 p5-MIME-Base64-3.07 > Feb 15 08:07 p5-MIME-Tools-5.419,2 > Feb 15 08:13 p5-Mail-SpamAssassin-3.1.0_6 > Feb 15 08:07 p5-Mail-Tools-1.73 > Feb 15 08:09 p5-Net-CIDR-0.11 > Feb 15 08:13 p5-Net-DNS-0.55 > Feb 15 07:55 p5-PathTools-3.16 > Feb 15 07:55 p5-Scalar-List-Utils-1.18,1 > Feb 15 08:07 p5-Storable-2.15 > Feb 15 07:55 p5-Test-Harness-2.56 > Feb 15 07:55 p5-Test-Simple-0.62 > Feb 15 08:09 p5-Time-HiRes-1.87,1 > Feb 15 08:09 p5-TimeDate-1.16,1 > Feb 12 08:57 perl-5.8.7_2 > > It did run for a longer period of time before spiraling out of control, > but the problem did re-occur. It definitely happens soonest on the > boxes that are more heavily loaded. > > Here is my MailScanner.conf: > > %org-name% = x > %org-long-name% = x > %web-site% = x > %etc-dir% = /opt/MailScanner/etc > %report-dir% = /opt/MailScanner/etc/reports/en > %rules-dir% = /opt/MailScanner/etc/rules > %mcp-dir% = /opt/MailScanner/etc/mcp > Max Children = 5 > Run As User = > Run As Group = > Queue Scan Interval = 5 > Incoming Queue Dir = /var/spool/exim_incoming/input/* > Outgoing Queue Dir = /var/spool/exim/input > Incoming Work Dir = /var/spool/MailScanner/incoming > Quarantine Dir = /var/spool/MailScanner/quarantine > PID file = /opt/MailScanner/var/MailScanner.pid > Restart Every = 14400 > MTA = exim > Sendmail = /usr/local/sbin/exim -C /usr/local/etc/exim/configure_outgoing > Sendmail2 = /usr/local/sbin/exim -C /usr/local/etc/exim/configure_outgoing > Incoming Work User = > Incoming Work Group = > Incoming Work Permissions = 0600 > Quarantine User = > Quarantine Group = > Quarantine Permissions = 0600 > Max Unscanned Bytes Per Scan = 100000000 > Max Unsafe Bytes Per Scan = 50000000 > Max Unscanned Messages Per Scan = 30 > Max Unsafe Messages Per Scan = 30 > Max Normal Queue Size = 20 > Scan Messages = yes > Reject Message = no > Maximum Attachments Per Message = 200 > Expand TNEF = no > Deliver Unparsable TNEF = no > TNEF Expander = /opt/MailScanner/bin/tnef --maxsize=100000000 > TNEF Timeout = 120 > File Command = > File Timeout = 0 > Unrar Command = /usr/bin/unrar > Unrar Timeout = 0 > Find UU-Encoded Files = no > Maximum Message Size = 0 > Maximum Attachment Size = -1 > Minimum Attachment Size = -1 > Maximum Archive Depth = 0 > Find Archives By Content = no > Virus Scanning = yes > Virus Scanners = mcafee f-prot > Virus Scanner Timeout = 20 > Deliver Disinfected Files = no > Silent Viruses = HTML-IFrame All-Viruses > Still Deliver Silent Viruses = no > Non-Forging Viruses = Joke/ OF97/ WM97/ W97M/ eicar > Block Encrypted Messages = no > Block Unencrypted Messages = no > Allow Password-Protected Archives = yes > Allowed Sophos Error Messages = > Sophos IDE Dir = /usr/local/Sophos/ide > Sophos Lib Dir = /usr/local/Sophos/lib > Monitors For Sophos Updates = /usr/local/Sophos/ide/*ides.zip > Monitors for ClamAV Updates = /usr/local/share/clamav/*.cvd > ClamAVmodule Maximum Recursion Level = 8 > ClamAVmodule Maximum Files = 1000 > ClamAVmodule Maximum Compression Ratio = 250 > Dangerous Content Scanning = yes > Allow Partial Messages = no > Allow External Message Bodies = no > Find Phishing Fraud = no > Also Find Numeric Phishing = no > Highlight Phishing Fraud = yes > Phishing Safe Sites File = %etc-dir%/phishing.safe.sites.conf > Allow IFrame Tags = yes > Allow Form Tags = yes > Allow Script Tags = yes > Allow WebBugs = disarm > Allow Object Codebase Tags = disarm > Convert Dangerous HTML To Text = no > Convert HTML To Text = no > Allow Filenames = > Deny Filenames = > Filename Rules = > Allow Filetypes = > Deny Filetypes = > Filetype Rules = > Quarantine Infections = no > Quarantine Silent Viruses = no > Quarantine Modified Body = no > Quarantine Whole Message = no > Quarantine Whole Messages As Queue Files = no > Keep Spam And MCP Archive Clean = no > Language Strings = %report-dir%/languages.conf > Rejection Report = %report-dir%/rejection.report.txt > Deleted Bad Content Message Report = > %report-dir%/deleted.content.message.txt > Deleted Bad Filename Message Report = > %report-dir%/deleted.filename.message.txt > Deleted Virus Message Report = %report- > dir%/deleted.virus.message.txt > Stored Bad Content Message Report = %report- > dir%/stored.content.message.txt > Stored Bad Filename Message Report = > %report-dir%/stored.filename.message.txt > Stored Virus Message Report = %report-dir%/stored.virus.message.txt > Disinfected Report = %report-dir%/disinfected.report.txt > Inline HTML Signature = %report-dir%/inline.sig.html > Inline Text Signature = %report-dir%/inline.sig.txt > Inline HTML Warning = %report-dir%/inline.warning.html > Inline Text Warning = %report-dir%/inline.warning.txt > Sender Content Report = %report-dir%/sender.content.report.txt > Sender Error Report = %report-dir%/sender.error.report.txt > Sender Bad Filename Report = %report-dir%/sender.filename.report.txt > Sender Virus Report = %report-dir%/sender.virus.report.txt > Hide Incoming Work Dir = yes > Include Scanner Name In Reports = no > Mail Header = X-%org-name%-Virus-Scan: > Spam Header = X-%org-name%-Spam-Report: > Spam Score Header = X-Spam-Score: > Add Envelope From Header = yes > Add Envelope To Header = no > Envelope From Header = X-%org-name%-Orig-From: > Envelope To Header = X-%org-name%-Orig-To: > Spam Score Character = + > SpamScore Number Instead Of Stars = no > Minimum Stars If On Spam List = 7 > Clean Header Value = Found to be clean > Infected Header Value = Found to be infected > Disinfected Header Value = Virus cleaned > Information Header Value = Please contact the ISP for more information > Detailed Spam Report = yes > Include Scores In SpamAssassin Report = yes > Always Include SpamAssassin Report = yes > Multiple Headers = append > Hostname = the %org-name% ($HOSTNAME) MailScanner > Sign Messages Already Processed = no > Sign Clean Messages = no > Mark Infected Messages = yes > Mark Unscanned Messages = yes > Unscanned Header Value = Not scanned > Remove These Headers = X-Mozilla-Status: X-Mozilla-Status2: > Deliver Cleaned Messages = yes > Notify Senders = yes > Notify Senders Of Viruses = no > Notify Senders Of Blocked Filenames Or Filetypes = yes > Notify Senders Of Other Blocked Content = yes > Never Notify Senders Of Precedence = list bulk > Scanned Subject Text = [scanned] > Virus Modify Subject = no > Virus Subject Text = [virus-found] > Filename Modify Subject = yes > Filename Subject Text = [bad-attachment] > Content Modify Subject = yes > Content Subject Text = [dangerous-content] > Disarmed Modify Subject = no > Disarmed Subject Text = [disarmed] > Phishing Modify Subject = no > Phishing Subject Text = [potential-fraud] > Spam Modify Subject = yes > Spam Subject Text = [may-be-spam] > High Scoring Spam Modify Subject = yes > High Scoring Spam Subject Text = [may-be-spam] > Warning Is Attachment = yes > Attachment Warning Filename = %org-name%-Attachment-Warning.txt > Attachment Encoding Charset = ISO-8859-1 > Archive Mail = > Send Notices = no > Notices Include Full Headers = no > Hide Incoming Work Dir in Notices = no > Notice Signature = -- \nMailScanner\nEmail Virus > Scanner\nwww.mailscanner.info > Notices From = MailScanner > Notices To = postmaster > Local Postmaster = postmaster > Spam List Definitions = %etc-dir%/spam.lists.conf > Virus Scanner Definitions = %etc-dir%/virus.scanners.conf > Spam Checks = yes > Spam List = spamcop.net SBL+XBL SORBS-DNSBL > Spam Domain List = > Spam Lists To Be Spam = 1 > Spam Lists To Reach High Score = 3 > Spam List Timeout = 10 > Max Spam List Timeouts = 7 > Spam List Timeouts History = 10 > Is Definitely Not Spam = &ByDomainSpamWhitelist > Is Definitely Spam = no > Definite Spam Is High Scoring = no > Ignore Spam Whitelist If Recipients Exceed = 20 > Use SpamAssassin = yes > Max SpamAssassin Size = 30000 > Required SpamAssassin Score = 5 > High SpamAssassin Score = 15 > SpamAssassin Auto Whitelist = no > SpamAssassin Timeout = 20 > Max SpamAssassin Timeouts = 20 > SpamAssassin Timeouts History = 30 > Check SpamAssassin If On Spam List = no > Spam Score = yes > Cache SpamAssassin Results = no > SpamAssassin Cache Database File = > /var/spool/MailScanner/incoming/SpamAssassin.cache.db > Rebuild Bayes Every = 0 > Wait During Bayes Rebuild = no > Use Custom Spam Scanner = no > Max Custom Spam Scanner Size = 20000 > Custom Spam Scanner Timeout = 20 > Max Custom Spam Scanner Timeouts = 10 > Custom Spam Scanner Timeout History = 20 > Spam Actions = deliver > High Scoring Spam Actions = deliver > Non Spam Actions = deliver > Sender Spam Report = %report-dir%/sender.spam.report.txt > Sender Spam List Report = %report-dir%/sender.spam.rbl.report.txt > Sender SpamAssassin Report = %report-dir%/sender.spam.sa.report.txt > Inline Spam Warning = %report-dir%/inline.spam.warning.txt > Recipient Spam Report = %report-dir%/recipient.spam.report.txt > Enable Spam Bounce = %rules-dir%/bounce.rules > Bounce Spam As Attachment = no > Syslog Facility = mail > Log Speed = no > Log Spam = yes > Log Non Spam = no > Log Permitted Filenames = no > Log Permitted Filetypes = no > Log Silent Viruses = no > Log Dangerous HTML Tags = no > SpamAssassin User State Dir = > SpamAssassin Install Prefix = > SpamAssassin Site Rules Dir = /etc/mail/spamassassin > SpamAssassin Local Rules Dir = > SpamAssassin Default Rules Dir = > MCP Checks = no > First Check = mcp > MCP Required SpamAssassin Score = 1 > MCP High SpamAssassin Score = 10 > MCP Error Score = 1 > MCP Header = X-%org-name%-MailScanner-MCPCheck: > Non MCP Actions = deliver > MCP Actions = deliver > High Scoring MCP Actions = deliver > Bounce MCP As Attachment = no > MCP Modify Subject = yes > MCP Subject Text = {MCP?} > High Scoring MCP Modify Subject = yes > High Scoring MCP Subject Text = {MCP?} > Is Definitely MCP = no > Is Definitely Not MCP = no > Definite MCP Is High Scoring = no > Always Include MCP Report = no > Detailed MCP Report = yes > Include Scores In MCP Report = no > Log MCP = no > MCP Max SpamAssassin Timeouts = 20 > MCP Max SpamAssassin Size = 100000 > MCP SpamAssassin Timeout = 10 > MCP SpamAssassin Prefs File = %mcp-dir%/mcp.spam.assassin.prefs.conf > MCP SpamAssassin User State Dir = > MCP SpamAssassin Local Rules Dir = %mcp-dir% > MCP SpamAssassin Default Rules Dir = %mcp-dir% > MCP SpamAssassin Install Prefix = %mcp-dir% > Recipient MCP Report = %report-dir%/recipient.mcp.report.txt > Sender MCP Report = %report-dir%/sender.mcp.report.txt > Use Default Rules With Multiple Recipients = no > Spam Score Number Format = %d > MailScanner Version Number = 4.50.15 > SpamAssassin Cache Timings = 1800,300,10800,172800,600 > Debug = no > Debug SpamAssassin = no > Run In Foreground = no > Always Looked Up Last = no > Always Looked Up Last After Batch = no > Deliver In Background = yes > Delivery Method = batch > Split Exim Spool = yes > Lockfile Dir = /tmp > Custom Functions Dir = /opt/MailScanner/lib/MailScanner/CustomFunctions > Lock Type = > Minimum Code Status = supported > > -- > > ----------------------------------------- > Mike Bacher / listacct@tulsaconnect.com > TCIS - TulsaConnect Internet Services > http://www.tulsaconnect.com > ----------------------------------------- > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From glenn.steen at gmail.com Mon Feb 20 09:54:47 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Feb 20 09:54:52 2006 Subject: Cron Hourly In-Reply-To: <20060220094456.17303.qmail@web25004.mail.ukl.yahoo.com> References: <223f97700602200107i28e64866q@mail.gmail.com> <20060220094456.17303.qmail@web25004.mail.ukl.yahoo.com> Message-ID: <223f97700602200154n5af4005aj@mail.gmail.com> On 20/02/06, Robert Davison wrote: > The odd thing is that im not shutting it down manually. MailScanner is > running constantly and I'm still gettting these messages every hour. > Yes. But last time you started it, I'm pretty certain you DIDN'T start it with the init script. Have you run "service MailScanner restart"? Did that remove the file /var/lock/subsys/MailScanner.off? -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From shuttlebox at gmail.com Mon Feb 20 09:59:24 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Mon Feb 20 09:59:27 2006 Subject: Cron Hourly In-Reply-To: <20060220094456.17303.qmail@web25004.mail.ukl.yahoo.com> References: <223f97700602200107i28e64866q@mail.gmail.com> <20060220094456.17303.qmail@web25004.mail.ukl.yahoo.com> Message-ID: <625385e30602200159y68c086bfrd1446c85db04d545@mail.gmail.com> On 2/20/06, Robert Davison wrote: > > The odd thing is that im not shutting it down manually. MailScanner is > running constantly and I'm still gettting these messages every hour. > Look into the script and you will see that it checks for the presence of a lock file (it told you what file in the message). Do you have that file or not? If MS is running, remove it. -- /peter -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060220/e0460754/attachment.html From rob_27_preston at yahoo.co.uk Mon Feb 20 10:17:28 2006 From: rob_27_preston at yahoo.co.uk (Robert Davison) Date: Mon Feb 20 10:17:30 2006 Subject: Cron Hourly In-Reply-To: <625385e30602200159y68c086bfrd1446c85db04d545@mail.gmail.com> Message-ID: <20060220101729.58066.qmail@web25007.mail.ukl.yahoo.com> OK, i've looked at the check_MailScanner script which has the lines.... LOCKFILE=/var/lock/check_Mailscanner.lock MS_LOCKFILE=/var/lock/subsys/MailScanner.off I dont have a /var/lock/check_MailScanner file, and also no /var/lock/subsys/MalScanner.off file .... but there is a MailScanner file here. shuttlebox wrote: On 2/20/06, Robert Davison wrote: The odd thing is that im not shutting it down manually. MailScanner is running constantly and I'm still gettting these messages every hour. Look into the script and you will see that it checks for the presence of a lock file (it told you what file in the message). Do you have that file or not? If MS is running, remove it. -- /peter -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! --------------------------------- To help you stay safe and secure online, we've developed the all new Yahoo! Security Centre. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060220/39049783/attachment.html From jonas.lilja at exallon.sigma.se Mon Feb 20 10:33:10 2006 From: jonas.lilja at exallon.sigma.se (Jonas Lilja) Date: Mon Feb 20 10:34:22 2006 Subject: unrar Message-ID: <34D06C003AA0EA4D8D9B9443E7BDDD9501CDEB09@ikaros.exallon.sigma.se> Hi, my problem is that /var/log/maillog reports that MailScanner wants to use unrar (which I don?t want to use): Maillog: Feb 20 11:11:06 athena MailScanner[25350]: Unrar command /usr/bin/unrar does not exist or is not executable, please either install it or remove the setting from MailScanner.conf I?m very confused because I have already commented out the unrar options I MailScanner.conf (and restarted MailScanner): MailScanner.conf: # Unrar Command = /usr/bin/unrar # The maximum length of time the "unrar" command is allowed to run for 1 # RAR archive (in seconds) # Unrar Timeout = 50 What can I do to solve this? Regards /Jonas Lilja From andoni.auzmendi at robertwalters.com Mon Feb 20 11:16:22 2006 From: andoni.auzmendi at robertwalters.com (Andoni Auzmendi) Date: Mon Feb 20 11:18:30 2006 Subject: unrar Message-ID: <1A8B0BB098059B42BCFF0EB7E2E62FD065BF1B@PAT.internal.robertwalters.com> I reckon you should comment out after the equal sign like below: Unrar Command = # /usr/bin/unrar Andoni -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jonas Lilja Sent: 20 February 2006 10:33 To: mailscanner@lists.mailscanner.info Subject: unrar Hi, my problem is that /var/log/maillog reports that MailScanner wants to use unrar (which I don?t want to use): Maillog: Feb 20 11:11:06 athena MailScanner[25350]: Unrar command /usr/bin/unrar does not exist or is not executable, please either install it or remove the setting from MailScanner.conf I?m very confused because I have already commented out the unrar options I MailScanner.conf (and restarted MailScanner): MailScanner.conf: # Unrar Command = /usr/bin/unrar # The maximum length of time the "unrar" command is allowed to run for 1 # RAR archive (in seconds) # Unrar Timeout = 50 What can I do to solve this? Regards /Jonas Lilja -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses. www.mimesweeper.com ********************************************************************** From rcooper at dwford.com Mon Feb 20 11:52:38 2006 From: rcooper at dwford.com (Rick Cooper) Date: Mon Feb 20 11:52:55 2006 Subject: ytnef Message-ID: Glenn (Steen), Were you supposed to remind me about something regarding ytnef? I don't have the thread anymore if you do could you refresh it now that Julian is back? Rick Cooper -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From alex at nkpanama.com Mon Feb 20 12:27:45 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Mon Feb 20 12:28:01 2006 Subject: Building new server - best practice? In-Reply-To: <43F93F9D.1050206@fractalweb.com> References: <43F8E726.7050206@fractalweb.com> <43F8EB37.9040206@nkpanama.com> <43F93F9D.1050206@fractalweb.com> Message-ID: <43F9B5C1.3060100@nkpanama.com> Chris Yuzik wrote: > Hi Alex, > > Alex Neuman van der Hans wrote: >> * Choice of MTA (I usually go with Sendmail) > I have decided to go with Sendmail. Good for you... lots of info out there. >> * Choice of POP3/IMAP (I usually go with dovecot) > Dovecot is up and running. :-) Good. You might want to implement SSL if you haven't already. >> * If MTA = Sendmail, what milters (SPF, clamav, DomainKeys, greylisting) > Other than clam, I'm not familiar with these. Any idea where I can > read up on them? Read up on milters at the sendmail site or google around. SPF - http://openspf.org/, http://www.city-fan.org/ftp/contrib/mail/ DomainKeys - http://antispam.yahoo.com/domainkeys, http://sourceforge.net/projects/dk-milter/ ClamAV - Look for info at the clamav site, and compile clamav with ./configure --enable-milter (reqs. sendmail-devel) Greylisting - http://hcpnet.free.fr/milter-greylist/ >> * Pyzor > Last update to Pyzor was apparently in 2002. Is it still relevant? Yes. Pyzor may have been last updated 2002, but it does the job, when it *does* find messages known to it to be spam. >> * F-Prot? BitDefender? > Going with Clamav and Bitdefender, I think. >> * Archiving >> * Rules Du Jour? > What's the consensus as to which ones are must-have rules? Whatever works for you ;) > > Thanks, > Chris -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ From shuttlebox at gmail.com Mon Feb 20 12:35:32 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Mon Feb 20 12:35:35 2006 Subject: unrar In-Reply-To: <34D06C003AA0EA4D8D9B9443E7BDDD9501CDEB09@ikaros.exallon.sigma.se> References: <34D06C003AA0EA4D8D9B9443E7BDDD9501CDEB09@ikaros.exallon.sigma.se> Message-ID: <625385e30602200435x60d148c9s9314d800a1b219a1@mail.gmail.com> On 2/20/06, Jonas Lilja wrote: > > Hi, > > my problem is that /var/log/maillog reports that MailScanner wants to use > unrar (which I don?t want to use): > > Maillog: > Feb 20 11:11:06 athena MailScanner[25350]: Unrar command /usr/bin/unrar > does not exist or is not executable, please either install it or remove the > setting from MailScanner.conf > > I?m very confused because I have already commented out the unrar options I > MailScanner.conf (and restarted MailScanner): > > MailScanner.conf: > # Unrar Command = /usr/bin/unrar > > # The maximum length of time the "unrar" command is allowed to run for 1 > # RAR archive (in seconds) > # Unrar Timeout = 50 > > What can I do to solve this? > By commenting out the whole option you just tell MS to use the default value. It's the value you should comment out. Unrar Command = # /usr/bin/unrar -- /peter -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060220/e61b27a5/attachment.html From rob_27_preston at yahoo.co.uk Mon Feb 20 13:26:10 2006 From: rob_27_preston at yahoo.co.uk (Robert Davison) Date: Mon Feb 20 13:26:13 2006 Subject: spamassassinprefsfile Error Message-ID: <20060220132610.18402.qmail@web25006.mail.ukl.yahoo.com> I'm getting the following error in my maillog....... Feb 20 12:04:26 as MailScanner[12190]: MailScanner E-Mail Virus Scanner version 4.50.15 starting... Feb 20 12:04:26 as MailScanner[12190]: Syntax error(s) in configuration file: Feb 20 12:04:26 as MailScanner[12190]: Unrecognised keyword "spamassassinprefsfile" at line 2078 Feb 20 12:04:26 as MailScanner[12190]: Aborting due to syntax errors in /etc/MailScanner/MailScanner.conf. Feb 20 12:04:28 as MailScanner[12190]: Enabling SpamAssassin auto-whitelist functionality... Feb 20 12:04:30 as MailScanner[12190]: Using locktype = flock Its the unrecognised keyword bit that confusing me as my line 2078 in my MailScanner.conf is.... SpamAssassin Prefs File = /etc/MailScanner/spam.assassin.prefs.conf Is this meaning that there is something worng with my spamassassin conf file ? and no MailScanner.conf as the error is reporting ? --------------------------------- Yahoo! Photos ? NEW, now offering a quality print service from just 8p a photo. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060220/6d2bc069/attachment.html From drolland at kdinet.com Mon Feb 20 13:29:08 2006 From: drolland at kdinet.com (Diane Rolland) Date: Mon Feb 20 13:29:14 2006 Subject: Upgrading from 4.37 (I know, I know, it's OLD) In-Reply-To: <625385e30602191404k5d363d23ta0ff17c389e865f1@mail.gmail.com> Message-ID: <000001c63621$a2624e10$6500a8c0@kdinet.local> _____ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of shuttlebox Sent: Sunday, February 19, 2006 4:04 PM To: MailScanner discussion Subject: Re: Upgrading from 4.37 (I know, I know, it's OLD) On 2/19/06, Diane Rolland wrote: I am just a bit confused on manually editing the .rpmnew files and running the upgrade_mailcanner_conf and upgrade_language_conf. I've manually edited the .rpmnew files to include my custom configs. I then renamed the .rpmnew files to the regular file names. When I got to run the upgrade script, I'm getting: Usage: RPM === If you are using the RPM distributions then try this: cd /etc/MailScanner upgrade_MailScanner_conf MailScanner.conf MailScanner.conf.rpmnew > MailScanner.new mv -f MailScanner.conf MailScanner.old mv -f MailScanner.new MailScanner.conf You shouldn't edit the rpmnew files. Just follow the instructions above and MailScanner.conf will be updated with the new options and old options will have your previous values. I use the diff command for the other files, like filename.rules.conf and filetype.rules.conf. -- /peter Thanks; I've downgraded and will try the entire process again later. -Diane -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060220/4e92fcf5/attachment.html From prandal at herefordshire.gov.uk Mon Feb 20 13:40:01 2006 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Mon Feb 20 13:40:18 2006 Subject: spamassassinprefsfile Error Message-ID: <86144ED6CE5B004DA23E1EAC0B569B580B5DCC68@isabella.herefordshire.gov.uk> It's likely that after running upgrade_MailScanner_conf you forgot to mv -f MailScanner.conf MailScanner.old mv -f MailScanner.new MailScanner.conf The SpamAssassin Prefs File = /etc/MailScanner/spam.assassin.prefs.conf line in MailScanner.conf is now deprecated. Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK _____ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Robert Davison Sent: 20 February 2006 13:26 To: mailscanner@lists.mailscanner.info Subject: spamassassinprefsfile Error I'm getting the following error in my maillog....... Feb 20 12:04:26 as MailScanner[12190]: MailScanner E-Mail Virus Scanner version 4.50.15 starting... Feb 20 12:04:26 as MailScanner[12190]: Syntax error(s) in configuration file: Feb 20 12:04:26 as MailScanner[12190]: Unrecognised keyword "spamassassinprefsfile" at line 2078 Feb 20 12:04:26 as MailScanner[12190]: Aborting due to syntax errors in /etc/MailScanner/MailScanner.conf. Feb 20 12:04:28 as MailScanner[12190]: Enabling SpamAssassin auto-whitelist functionality... Feb 20 12:04:30 as MailScanner[12190]: Using locktype = flock Its the unrecognised keyword bit that confusing me as my line 2078 in my MailScanner.conf is.... SpamAssassin Prefs File = /etc/MailScanner/spam.assassin.prefs.conf Is this meaning that there is something worng with my spamassassin conf file ? and no MailScanner.c! onf as the error is reporting ? _____ Yahoo! Photos - NEW, now offering a quality print service from just 8p a photo. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060220/a418d4c6/attachment.html From glenn.steen at gmail.com Mon Feb 20 13:45:15 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Feb 20 13:45:19 2006 Subject: ytnef In-Reply-To: References: Message-ID: <223f97700602200545k320a3243y@mail.gmail.com> On 20/02/06, Rick Cooper wrote: > Glenn (Steen), > > Were you supposed to remind me about something regarding ytnef? I don't have > the thread anymore if you do could you refresh it now that Julian is back? > Yup... I think I actually told you to tell me to tell you.... So this is in line with that:-). Here you go: http://comments.gmane.org/gmane.mail.virus.mailscanner/36788 -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From rob_27_preston at yahoo.co.uk Mon Feb 20 13:46:16 2006 From: rob_27_preston at yahoo.co.uk (Robert Davison) Date: Mon Feb 20 13:46:18 2006 Subject: spamassassinprefsfile Error In-Reply-To: <86144ED6CE5B004DA23E1EAC0B569B580B5DCC68@isabella.herefordshire.gov.uk> Message-ID: <20060220134616.95547.qmail@web25004.mail.ukl.yahoo.com> what can I do now to fix this...can I run these scripts now ? "Randal, Phil" wrote: It's likely that after running upgrade_MailScanner_conf you forgot to mv -f MailScanner.conf MailScanner.old mv -f MailScanner.new MailScanner.conf The SpamAssassin Prefs File = /etc/MailScanner/spam.assassin.prefs.conf line in MailScanner.conf is now deprecated. Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK --------------------------------- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Robert Davison Sent: 20 February 2006 13:26 To: mailscanner@lists.mailscanner.info Subject: spamassassinprefsfile Error I'm getting the following error in my maillog....... Feb 20 12:04:26 as MailScanner[12190]: MailScanner E-Mail Virus Scanner version 4.50.15 starting... Feb 20 12:04:26 as MailScanner[12190]: Syntax error(s) in configuration file: Feb 20 12:04:26 as MailScanner[12190]: Unrecognised keyword "spamassassinprefsfile" at line 2078 Feb 20 12:04:26 as MailScanner[12190]: Aborting due to syntax errors in /etc/MailScanner/MailScanner.conf. Feb 20 12:04:28 as MailScanner[12190]: Enabling SpamAssassin auto-whitelist functionality... Feb 20 12:04:30 as MailScanner[12190]: Using locktype = flock Its the unrecognised keyword bit that confusing me as my line 2078 in my MailScanner.conf is.... SpamAssassin Prefs File = /etc/MailScanner/spam.assassin.prefs.conf Is this meaning that there is something worng with my spamassassin conf file ? and no MailScanner.c! onf as the error is reporting ? --------------------------------- Yahoo! Photos ? NEW, now offering a quality print service from just 8p a photo.-- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! --------------------------------- Yahoo! Messenger NEW - crystal clear PC to PC calling worldwide with voicemail -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060220/db75e8b2/attachment.html From glenn.steen at gmail.com Mon Feb 20 13:49:22 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Feb 20 13:49:25 2006 Subject: Cron Hourly In-Reply-To: <20060220101729.58066.qmail@web25007.mail.ukl.yahoo.com> References: <625385e30602200159y68c086bfrd1446c85db04d545@mail.gmail.com> <20060220101729.58066.qmail@web25007.mail.ukl.yahoo.com> Message-ID: <223f97700602200549y757c1f23u@mail.gmail.com> On 20/02/06, Robert Davison wrote: > OK, i've looked at the check_MailScanner script which has the lines.... > > LOCKFILE=/var/lock/check_Mailscanner.lock > MS_LOCKFILE=/var/lock/subsys/MailScanner.off > > I dont have a /var/lock/check_MailScanner file, and also no > /var/lock/subsys/MalScanner.off file .... but there is a > MailScanner file here. > And if you run the script (as root) it still reports the error? That'd be a bit strange, provided what you say here is correct. Can you (as root) touch /var/lock/subsys/MailScanner.off rm /var/lock/subsys/MailScanner.off ...? -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From prandal at herefordshire.gov.uk Mon Feb 20 13:53:21 2006 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Mon Feb 20 13:53:37 2006 Subject: spamassassinprefsfile Error Message-ID: <86144ED6CE5B004DA23E1EAC0B569B580B5DCC6F@isabella.herefordshire.gov.uk> Copy your existing MailScanner.conf somewhere safe and then run upgrade_MailScanner_conf and follow the instructions it prints on screen. If the resultant MailScanner.conf is zero bytes long after doing that, something's awry, co copy back your original MailScanner.conf and edit it to delete the SpamAssassin Prefs File = /etc/MailScanner/spam.assassin.prefs.conf line. Then MailScanner --lint to see what errors it picks up. If OK, restart MailScanner in the normal manner. Cheers, Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK _____ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Robert Davison Sent: 20 February 2006 13:46 To: MailScanner discussion Subject: RE: spamassassinprefsfile Error what can I do now to fix this...can I run these scripts now ? "Randal, Phil" wrote: It's likely that after running upgrade_MailScanner_conf you forgot to mv -f MailScanner.conf MailScanner.old mv -f MailScanner.new MailScanner.conf The SpamAssassin Prefs File = /etc/MailScanner/spam.assassin.prefs.conf line in MailScanner.conf is now deprecated. Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK _____ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Robert Davison Sent: 20 February 2006 13:26 To: mailscanner@lists.mailscanner.info Subject: spamassassinprefsfile Error I'm getting the following error in my maillog....... Feb 20 12:04:26 as MailScanner[12190]: MailScanner E-Mail Virus Scanner version 4.50.15 starting... Feb 20 12:04:26 as MailScanner[12190]: Syntax error(s) in configuration file: Feb 20 12:04:26 as MailScanner[12190]: Unrecognised keyword "spamassassinprefsfile" at line 2078! Feb 20 12:04:26 as MailScanner[12190]: Aborting due to syntax errors in /etc/MailScanner/MailScanner.conf. Feb 20 12:04:28 as MailScanner[12190]: Enabling SpamAssassin auto-whitelist functionality... Feb 20 12:04:30 as MailScanner[12190]: Using locktype = flock Its the unrecognised keyword bit that confusing me as my line 2078 in my MailScanner.conf is.... SpamAssassin Prefs File = /etc/MailScanner/spam.assassin.prefs.conf Is this meaning that there is something worng with my spamassassin conf file ? and no MailScanner.c! onf as the error is reporting ? _____ Yahoo! Photos - NEW, now offering a quality print service from just 8p a photo. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! _____ Yahoo! Messenger NEW - crystal clear PC to PC calling worldwide with voicemail -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060220/767150cd/attachment.html From rob_27_preston at yahoo.co.uk Mon Feb 20 13:53:45 2006 From: rob_27_preston at yahoo.co.uk (Robert Davison) Date: Mon Feb 20 13:53:46 2006 Subject: Cron Hourly In-Reply-To: <223f97700602200549y757c1f23u@mail.gmail.com> Message-ID: <20060220135345.97795.qmail@web25004.mail.ukl.yahoo.com> I did the command as root and all went ok. What does this mean ? Glenn Steen wrote: On 20/02/06, Robert Davison wrote: > OK, i've looked at the check_MailScanner script which has the lines.... > > LOCKFILE=/var/lock/check_Mailscanner.lock > MS_LOCKFILE=/var/lock/subsys/MailScanner.off > > I dont have a /var/lock/check_MailScanner file, and also no > /var/lock/subsys/MalScanner.off file .... but there is a > MailScanner file here. > And if you run the script (as root) it still reports the error? That'd be a bit strange, provided what you say here is correct. Can you (as root) touch /var/lock/subsys/MailScanner.off rm /var/lock/subsys/MailScanner.off ...? -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! --------------------------------- To help you stay safe and secure online, we've developed the all new Yahoo! Security Centre. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060220/dc9a8607/attachment.html From rcooper at dwford.com Mon Feb 20 13:54:54 2006 From: rcooper at dwford.com (Rick Cooper) Date: Mon Feb 20 13:55:17 2006 Subject: ytnef In-Reply-To: <223f97700602200545k320a3243y@mail.gmail.com> Message-ID: > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Glenn > Steen > Sent: Monday, February 20, 2006 8:45 AM > To: MailScanner discussion > Subject: Re: ytnef > > > On 20/02/06, Rick Cooper wrote: > > Glenn (Steen), > > > > Were you supposed to remind me about something regarding ytnef? > I don't have > > the thread anymore if you do could you refresh it now that > Julian is back? > > > Yup... I think I actually told you to tell me to tell you.... So this > is in line with that:-). > > Here you go: > http://comments.gmane.org/gmane.mail.virus.mailscanner/36788 > That is it, Julian if you have the time could you look at that thread? In the tests I did with it the conversion of tenf/rich text appeared to be rock solid and perfect every time. Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Mon Feb 20 14:03:31 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Feb 20 14:03:36 2006 Subject: Cron Hourly In-Reply-To: <20060220135345.97795.qmail@web25004.mail.ukl.yahoo.com> References: <223f97700602200549y757c1f23u@mail.gmail.com> <20060220135345.97795.qmail@web25004.mail.ukl.yahoo.com> Message-ID: <223f97700602200603i3d9a119cx@mail.gmail.com> On 20/02/06, Robert Davison wrote: > I did the command as root and all went ok. What does this mean ? > > Glenn Steen wrote: > On 20/02/06, Robert Davison wrote: > > OK, i've looked at the check_MailScanner script which has the lines.... > > > > LOCKFILE=/var/lock/check_Mailscanner.lock > > MS_LOCKFILE=/var/lock/subsys/MailScanner.off > > > > I dont have a /var/lock/check_MailScanner file, and also no > > /var/lock/subsys/MalScanner.off file .... but there is a > > MailScanner file here. > > > And if you run the script (as root) it still reports the error? That'd > be a bit strange, provided what you say here is correct. > Can you (as root) > touch /var/lock/subsys/MailScanner.off > rm /var/lock/subsys/MailScanner.off > ...? > It tells us that there currently isn't anything wrong with your setup:-). Unless it still generates the error message you qouted in the initial message, when run crom cron.hourly... -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From dave at legatio.com Mon Feb 20 16:41:58 2006 From: dave at legatio.com (Dave Barter) Date: Mon Feb 20 16:38:47 2006 Subject: Manual/Auto Whitelist Message-ID: <00ec01c6363c$921eaf60$0202fea9@davepc> Hi, Firstly my apologies if this is an FAQ but I could not find a suitable answer. I have a MailScanner installation running spamassassin. I have set my non-spam scores quite low and all is looking good. I redirect all low scoring spam to a mailbox called "spam" and check this manually. All false positives are then copied manually by me to a mailbox called "ham" and every night I run a cron job as follows:- /usr/bin/sa-learn --ham --mbox /var/spool/mail/ham This does not seem to be working though and I think it is because I am not running this job as the root user. Is it possible for me to have a non-root script that will run AND also auto-whitelist any "from" address in the ham mailbox Thanks Dave -- Legatio Technologies Ltd. http://www.legatio.com eMail: dave.barter@legatio.com Phone: 01793 638639 Mobile: 07799 414702 Fax: 0870 4601628 This message is confidential. It may not be disclosed to, or used by, anyone other than the addressee(s). If you receive this message in error, please advise us immediately using the email address postmaster@legatio.com. Internet e-mail is not necessarily secure. Legatio Technologies will not accept responsibility for alterations or additions to any e-mail message or attached documents that occur after transmission. -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.375 / Virus Database: 267.15.11/264 - Release Date: 17/02/2006 From jimcsoka at mail.dominionfirstmortgage.com Sun Feb 19 14:22:48 2006 From: jimcsoka at mail.dominionfirstmortgage.com (Jim Csoka) Date: Mon Feb 20 16:53:41 2006 Subject: Mail Archive In-Reply-To: <43F7D7C5.9040501@nkpanama.com> References: <43F77980.30603@ecs.soton.ac.uk> <43F7D7C5.9040501@nkpanama.com> Message-ID: <20060219142121.M40995@mail.dominionfirstmortgage.com> The way I do it is I created a user called bigbrother. I then have Mailscanner archive mail to /var/mail/bigbrother. Then I simply set up the account with outlook, or use openwebmail, and view the mail. Pretty easy. On Sat, 18 Feb 2006 21:28:21 -0500, Alex Neuman van der Hans wrote > Or send them using rulesets to separate mbox files, and then read > them with IMAP or any standards-based mail program. > > Julian Field wrote: > > fname lname wrote: > >> I have the mail archive option on in mailscanner and I what to know > >> how do I go about view the archived mail. And is there a web base ap > >> i can use to view these archived mail. > > The archive mail will by default go into > > /var/spool/MailScanner/archive. The files will normally be raw queue > > files. With sendmail you can just look at the text in the files, > > similarly with Exim. With Postfix you will need to use postcat on the > > queue files stored in there. > > > > -- > > Alex Neuman van der Hans > N&K Technology Consultants > Tel. +507 214-9002 - http://nkpanama.com/ > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From dave.barter at legatio.com Mon Feb 20 16:30:23 2006 From: dave.barter at legatio.com (Dave Barter) Date: Mon Feb 20 16:53:45 2006 Subject: Manual Whitelist Message-ID: <00e601c6363a$f43fc1e0$0202fea9@davepc> Hi, Firstly my apologies if this is an FAQ but I could not find a suitable answer. I have a MailScanner installation running spamassassin. I have set my non-spam scores quite low and all is looking good. I redirect all low scoring spam to a mailbox called "spam" and check this manually. All false positives are then copied manually by me to a mailbox called "ham" and every night I run a cron job as follows:- /usr/bin/sa-learn --ham --mbox /var/spool/mail/ham This does not seem to be working though and I think it is because I am not running this job as the root user. Is it possible for me to have a non-root script that will run AND also auto-whitelist any "from" address in the ham mailbox Thanks Dave -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.375 / Virus Database: 267.15.11/264 - Release Date: 17/02/2006 From martinh at solid-state-logic.com Mon Feb 20 17:08:59 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Mon Feb 20 17:09:16 2006 Subject: Manual/Auto Whitelist In-Reply-To: <00ec01c6363c$921eaf60$0202fea9@davepc> Message-ID: <005801c63640$59452b70$3004010a@martinhlaptop> Dave The user who runs this cron job will need write permissions on the bayes database files and directory for SpamAssassin. So yes you can run this as non-root. As for the autowhitelist, there is a similar facility built into SA, but I found it not very reliable and triggered when it shouldn't have too many times. Others find it OK so YMMV. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Dave Barter > Sent: 20 February 2006 16:42 > To: mailscanner@lists.mailscanner.info > Subject: Manual/Auto Whitelist > > Hi, > > Firstly my apologies if this is an FAQ but I could not find a suitable > answer. > > I have a MailScanner installation running spamassassin. I have set my non- > spam scores quite low and all is looking good. > > I redirect all low scoring spam to a mailbox called "spam" and check this > manually. All false positives are then copied manually by > me to a mailbox called "ham" and every night I run a cron job as follows:- > > /usr/bin/sa-learn --ham --mbox /var/spool/mail/ham > > This does not seem to be working though and I think it is because I am not > running this job as the root user. > > Is it possible for me to have a non-root script that will run AND also > auto-whitelist any "from" address in the ham mailbox > > Thanks > Dave > > -- > > Legatio Technologies Ltd. > http://www.legatio.com > eMail: dave.barter@legatio.com > Phone: 01793 638639 > Mobile: 07799 414702 > Fax: 0870 4601628 > > This message is confidential. It may not be disclosed to, or used by, > anyone other than the addressee(s). If you receive this > message in error, please advise us immediately using the email address > postmaster@legatio.com. Internet e-mail is not necessarily > secure. Legatio Technologies will not accept responsibility for > alterations or additions to any e-mail message or attached documents > that occur after transmission. > > > -- > No virus found in this outgoing message. > Checked by AVG Free Edition. > Version: 7.1.375 / Virus Database: 267.15.11/264 - Release Date: > 17/02/2006 > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From mrm at medicine.wisc.edu Mon Feb 20 17:41:46 2006 From: mrm at medicine.wisc.edu (Michael Masse) Date: Mon Feb 20 17:42:32 2006 Subject: help with --lint errors Message-ID: I have tried using all tabs and all spaces and only LF's and only CRLF's verified by: oc -c highscoringspam.rules Messing with whitespace doesn't seem to make any difference. Is there something wrong with my syntax?? Mike >>> alex@nkpanama.com 2/19/2006 3:40 PM >>> Can you try separating with tabs instead of spaces? Are you editing with Unix-style LF's, or a Windows-based (CRLF) editor? Don't know if it affects it or not, but those are the first two things I'd try. Michael Masse wrote: > Here's the highscoringspam.rules file: > To: abc@abc.com forward foo@bar.com > To: def@abc.com forward foo@bar.com > FromOrTo: default deliver header "X-Spam-Status: Yes" header "X-Spam-Flag: Yes" > > -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From mrm at medicine.wisc.edu Mon Feb 20 18:13:36 2006 From: mrm at medicine.wisc.edu (Michael Masse) Date: Mon Feb 20 18:14:11 2006 Subject: help with --lint errors Message-ID: Whoops.. The command to check whitespace is od not oc. Mike >>> mrm@medicine.wisc.edu 2/20/2006 11:41 AM >>> I have tried using all tabs and all spaces and only LF's and only CRLF's verified by: oc -c highscoringspam.rules Messing with whitespace doesn't seem to make any difference. Is there something wrong with my syntax?? From ajos1 at onion.demon.co.uk Mon Feb 20 18:41:08 2006 From: ajos1 at onion.demon.co.uk (ajos1@onion.demon.co.uk) Date: Mon Feb 20 18:41:21 2006 Subject: Slow Batch Processing... Message-ID: - Below is a section from LogWatch... since we have gone to the latest version of MailScanner... we are getting very slow processing... and sometimes in the end we have to restart MailScanner and spamassasin to get the load average back down to 0.3 from the huge 20's and 30's it goes upto! There is one line that says the batch was processed in 433 seconds! This system is only getting 10 or so messages an hour... At this instant... with one 34k message being sent out we have... Top 3 processes... PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND 327 root 15 0 0 0 0 S 0.7 0.0 0:59.54 kjournald 5676 root 17 0 44756 17m 2660 S 0.7 6.9 0:21.61 MailScanner 6905 root 16 0 46964 17m 2708 S 0.3 7.0 0:19.85 MailScanner Does anyone have a clue what I should look at first? Thanks in advance-o, Ajos1. ------- I have found clamav mcafee scanners installed, and will use them all by defa ult. : 22 Time(s) Expired 2 records from the SpamAssassin cache : 12 Time(s) Expired 3 records from the SpamAssassin cache : 8 Time(s) Expired 4 records from the SpamAssassin cache : 4 Time(s) Batch processed in 29.75 seconds : 2 Time(s) Expired 6 records from the SpamAssassin cache : 2 Time(s) Batch processed in 26.04 seconds : 2 Time(s) Expired 5 records from the SpamAssassin cache : 2 Time(s) Batch processed in 43.73 seconds : 1 Time(s) Batch processed in 23.82 seconds : 1 Time(s) Batch processed in 30.51 seconds : 1 Time(s) Batch processed in 22.59 seconds : 1 Time(s) Batch processed in 83.69 seconds : 1 Time(s) Batch processed in 17.55 seconds : 1 Time(s) Batch processed in 17.59 seconds : 1 Time(s) Batch processed in 18.94 seconds : 1 Time(s) Batch processed in 433.74 seconds : 1 Time(s) Batch processed in 11.35 seconds : 1 Time(s) == ===================================================================== = = "A committee of one... gets things done." = = "It is always sunny in my life..." - Ajos1 = = "There will be a press feeding frenzy now - if anyone else has any = skeletons in their closets, they'll soon be out and dancing." = = Need help dealing with Parking Tickets, Bailiffs, Capita or NTL... = Call... +44 8457 90 90 90 http://www.samaritans.org/ ===================================================================== From MailScanner at ecs.soton.ac.uk Mon Feb 20 18:47:30 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Feb 20 18:47:40 2006 Subject: Slow Batch Processing... In-Reply-To: References: Message-ID: <43FA0EC2.9080301@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 What OS are you running? If a BSD-variant, try switching off the SpamAssassin Cache (in MailScanner.conf) and then restart MailScanner. There appears to be something funny with the cache on some bsd-based boxes. Haven't got to the bottom of that yet. Need new devel server, which is still on the cards. ajos1@onion.demon.co.uk wrote: > - > > Below is a section from LogWatch... since we have gone to the latest version of MailScanner... we are getting very slow processing... and sometimes in the end we have to restart MailScanner and spamassasin to get the load average back down to 0.3 from the huge 20's and 30's it goes upto! > > There is one line that says the batch was processed in 433 seconds! This system is only getting 10 or so messages an hour... > > At this instant... with one 34k message being sent out we have... Top 3 processes... > > PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND > 327 root 15 0 0 0 0 S 0.7 0.0 0:59.54 kjournald > 5676 root 17 0 44756 17m 2660 S 0.7 6.9 0:21.61 MailScanner > 6905 root 16 0 46964 17m 2708 S 0.3 7.0 0:19.85 MailScanner > > Does anyone have a clue what I should look at first? > > Thanks in advance-o, Ajos1. > > ------- > > I have found clamav mcafee scanners installed, and will use them all by defa > ult. : 22 Time(s) > Expired 2 records from the SpamAssassin cache : 12 Time(s) > Expired 3 records from the SpamAssassin cache : 8 Time(s) > Expired 4 records from the SpamAssassin cache : 4 Time(s) > Batch processed in 29.75 seconds : 2 Time(s) > Expired 6 records from the SpamAssassin cache : 2 Time(s) > Batch processed in 26.04 seconds : 2 Time(s) > Expired 5 records from the SpamAssassin cache : 2 Time(s) > Batch processed in 43.73 seconds : 1 Time(s) > Batch processed in 23.82 seconds : 1 Time(s) > Batch processed in 30.51 seconds : 1 Time(s) > Batch processed in 22.59 seconds : 1 Time(s) > Batch processed in 83.69 seconds : 1 Time(s) > Batch processed in 17.55 seconds : 1 Time(s) > Batch processed in 17.59 seconds : 1 Time(s) > Batch processed in 18.94 seconds : 1 Time(s) > Batch processed in 433.74 seconds : 1 Time(s) > Batch processed in 11.35 seconds : 1 Time(s) > > == > ===================================================================== > = > = "A committee of one... gets things done." > = > = "It is always sunny in my life..." - Ajos1 > = > = "There will be a press feeding frenzy now - if anyone else has any > = skeletons in their closets, they'll soon be out and dancing." > = > = Need help dealing with Parking Tickets, Bailiffs, Capita or NTL... > = Call... +44 8457 90 90 90 http://www.samaritans.org/ > ===================================================================== > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQA/AwUBQ/oOxRH2WUcUFbZUEQKu2QCgzn7ik/+cPYJLzYywmyFaYwSLX84An3XI 7F/HPbLzzQPibEPdzhgEUazT =qZZU -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ajos1 at onion.demon.co.uk Mon Feb 20 18:54:16 2006 From: ajos1 at onion.demon.co.uk (ajos1@onion.demon.co.uk) Date: Mon Feb 20 18:54:28 2006 Subject: Slow Batch Processing... Message-ID: - Redhat FC4 Linux linux.domainremoved.co.uk 2.6.15-1.1830_FC4 #1 Thu Feb 2 17:23:41 EST 2006 i686 athlon i386 GNU/Linux -----Original Message----- From: MailScanner discussion References: <43FA0EC2.9080301@ecs.soton.ac.uk> Message-ID: <43FA1451.4090103@tulsaconnect.com> Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > What OS are you running? > If a BSD-variant, try switching off the SpamAssassin Cache (in > MailScanner.conf) and then restart MailScanner. > > There appears to be something funny with the cache on some bsd-based > boxes. Haven't got to the bottom of that yet. Need new devel server, > which is still on the cards. FWIW, switching off the SA cache on our FreeBSD boxes made no difference in the problem with 4.50.x.. If there is anything more I can do to help you track down the problem, let me know. -- ----------------------------------------- Mike Bacher / listacct@tulsaconnect.com TCIS - TulsaConnect Internet Services http://www.tulsaconnect.com ----------------------------------------- From cstone at axint.net Mon Feb 20 19:25:01 2006 From: cstone at axint.net (Chris Stone) Date: Mon Feb 20 19:26:23 2006 Subject: Building new server - best practice? In-Reply-To: <43F8EB37.9040206@nkpanama.com> References: <43F8E726.7050206@fractalweb.com> <43F8EB37.9040206@nkpanama.com> Message-ID: <200602201225.09222@cs.axint.net> On Sunday 19 February 2006 03:03 pm, Alex Neuman van der Hans wrote: > * If MTA = Sendmail, what milters (SPF, clamav, DomainKeys, greylisting) And milter-ahead or milter-sender to validate email addresses at the MTA level..... And I like milter-limit too for the flexibility of throttling some connections, destination addresses, etc... Chris -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060220/42700620/attachment.bin From dave at legatio.com Mon Feb 20 19:29:57 2006 From: dave at legatio.com (Dave Barter) Date: Mon Feb 20 19:26:46 2006 Subject: Manual/Auto Whitelist In-Reply-To: <200602201857.k1KIv1s8013235@bkserver.blacknight.ie> Message-ID: <000001c63654$09cfbd80$0202fea9@davepc> Message: 16 Date: Mon, 20 Feb 2006 17:08:59 -0000 From: "Martin Hepworth" Subject: t To: "'MailScanner discussion'" Message-ID: <005801c63640$59452b70$3004010a@martinhlaptop> Content-Type: text/plain; charset="US-ASCII" >Dave >The user who runs this cron job will need write permissions on the bayes database files and directory for SpamAssassin. So yes you can run >this as non-root. >As for the autowhitelist, there is a similar facility built into SA, but I found it not very reliable and triggered when it shouldn't have too many >times. Others find it OK so YMMV. -- Thanks, so you are saying that sa-learn operates on only one seet of files, or do I need to give it another parameter to point at a single file that MailScanner is using ? If so, where are the default locations for the MailScanner ones Dave -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.375 / Virus Database: 267.15.11/264 - Release Date: 17/02/2006 From campbell at cnpapers.com Mon Feb 20 20:18:59 2006 From: campbell at cnpapers.com (Steve Campbell) Date: Mon Feb 20 20:19:41 2006 Subject: OT: IMAP and POP3 References: <43F6247E.2070502@evi-inc.com> <6.2.1.2.2.20060217123627.05dacab0@pop.mail.yahoo.com><001a01c6340a$be5533d0$0705000a@DDF5DW71><43F6D08E.5020609@netmagicsolutions.com><223f97700602180310v360f33d3n@mail.gmail.com> <1A700529-E731-45A0-99AB-E2BF4F4BE3FC@themarshalls.co.uk> Message-ID: <000a01c6365a$e21d10b0$0705000a@DDF5DW71> ----- Original Message ----- From: "Drew Marshall" To: "MailScanner discussion" Sent: Saturday, February 18, 2006 7:47 AM Subject: Re: OT: IMAP and POP3 > > On 18 Feb 2006, at 11:10, Glenn Steen wrote: >>> Have you considered using the Maildir format (with maybe courier- imap) >>> over mbox?? i have never seen any corruption to date (slowness yes, >>> corruption no.. but thats more of a filesystem debate) >>> >>> - dhawal >> Courier is an excellent suggestion, since you get less chance of >> "complete corruption", but also because it supports "soft" quotas. >> Dovecot will have these things too, but.... It's been a long while >> where they've promised soft (or ndeed working soft or hard) quotas, so >> ... go with what works. >> Courier imap also incorporates a good popd that work with Maildir... >> Just a bonus (noted the SBS (Skit Bakom Spakarna ... loosely >> translated to Sh*t Behind the Stick/Steeringwheel) problems that might >> arise:-). > > And indeed will do shared folders, auto removal of 'old' mail (Use that a > lot for people who can never throw anything away :-) Deleted items are > just that, as I tell my users. You get 7 days to change your mind!) , > authenticate using LDAP, MySQL, amongst others and will even sort of > cluster. The Dovecot website says shared folders aren't supported (although this doesn't mean it won't work with shared folders). Are there any tricks to making this happen? I think I saw where RedHat (actually Tao) has the RPMs on their distro, so it must be a direct replacement for their prior POP/IMAP stuff. Steve > > In short, it's got most of the toys. > > I quite like it ;-) > > Drew > > -- From campbell at cnpapers.com Mon Feb 20 20:24:05 2006 From: campbell at cnpapers.com (Steve Campbell) Date: Mon Feb 20 20:24:19 2006 Subject: OT: IMAP and POP3 References: <43F6247E.2070502@evi-inc.com> <6.2.1.2.2.20060217123627.05dacab0@pop.mail.yahoo.com><001a01c6340a$be5533d0$0705000a@DDF5DW71><43F6D08E.5020609@netmagicsolutions.com><223f97700602180310v360f33d3n@mail.gmail.com> <1A700529-E731-45A0-99AB-E2BF4F4BE3FC@themarshalls.co.uk> Message-ID: <000d01c6365b$98a26060$0705000a@DDF5DW71> I must have been mistaken about the RH/Tao RPMs as I don't see them, so maybe it was somewhere else like Dag's site that it was downloaded. Sorry, Steve ----- Original Message ----- From: "Drew Marshall" To: "MailScanner discussion" Sent: Saturday, February 18, 2006 7:47 AM Subject: Re: OT: IMAP and POP3 > > On 18 Feb 2006, at 11:10, Glenn Steen wrote: >>> Have you considered using the Maildir format (with maybe courier- imap) >>> over mbox?? i have never seen any corruption to date (slowness yes, >>> corruption no.. but thats more of a filesystem debate) >>> >>> - dhawal >> Courier is an excellent suggestion, since you get less chance of >> "complete corruption", but also because it supports "soft" quotas. >> Dovecot will have these things too, but.... It's been a long while >> where they've promised soft (or ndeed working soft or hard) quotas, so >> ... go with what works. >> Courier imap also incorporates a good popd that work with Maildir... >> Just a bonus (noted the SBS (Skit Bakom Spakarna ... loosely >> translated to Sh*t Behind the Stick/Steeringwheel) problems that might >> arise:-). > > And indeed will do shared folders, auto removal of 'old' mail (Use that a > lot for people who can never throw anything away :-) Deleted items are > just that, as I tell my users. You get 7 days to change your mind!) , > authenticate using LDAP, MySQL, amongst others and will even sort of > cluster. > > In short, it's got most of the toys. > > I quite like it ;-) > > Drew > > -- > In line with our policy, this message has been scanned for viruses and > dangerous content by MailScanner, and is believed to be clean. > www.themarshalls.co.uk/policy > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Feb 20 20:25:34 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Feb 20 20:25:43 2006 Subject: Slow Batch Processing... In-Reply-To: <43FA1451.4090103@tulsaconnect.com> References: <43FA0EC2.9080301@ecs.soton.ac.uk> <43FA1451.4090103@tulsaconnect.com> Message-ID: <43FA25BE.4080001@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 TCIS List Acct wrote: > > > Julian Field wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> What OS are you running? >> If a BSD-variant, try switching off the SpamAssassin Cache (in >> MailScanner.conf) and then restart MailScanner. >> >> There appears to be something funny with the cache on some bsd-based >> boxes. Haven't got to the bottom of that yet. Need new devel server, >> which is still on the cards. > > FWIW, switching off the SA cache on our FreeBSD boxes made no > difference in the problem with 4.50.x.. > > If there is anything more I can do to help you track down the problem, > let me know. In which case it has to be the new faster (mostly) message unpacking code. If you look in /usr/lib/MailScanner/MailScanner/Message.pm, you will find about line 1434 a line that looks like this: if (MailScanner::Config::Value('mta') =~ /sendmail|exim|postfix/i) { Whichever MTA you are using, remove it from the above expression along with its '|' separator. So if you are using sendmail, the line should change to this: if (MailScanner::Config::Value('mta') =~ /exim|postfix/i) { If using Exim, change it to this: if (MailScanner::Config::Value('mta') =~ /sendmail|postfix/i) { If using Postfix, change it to this: if (MailScanner::Config::Value('mta') =~ /sendmail|exim/i) { Then restart MailScanner and let me know if this solves the speed problem. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQA/AwUBQ/olvxH2WUcUFbZUEQLTEQCfTuQABS6XlOv3BryXCnTiBzEbSDgAn2jq 3sgUVcbGhlQ6XPLI2FA/wxnO =my+r -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ajos1 at onion.demon.co.uk Mon Feb 20 20:39:43 2006 From: ajos1 at onion.demon.co.uk (ajos1@onion.demon.co.uk) Date: Mon Feb 20 20:39:58 2006 Subject: Slow Batch Processing... Message-ID: - It was line... 1394 and I took out sendmail as that is what we are using... I shall see what happens over the next few hours... as it is a quiet time for mail. -----Original Message----- From: mailscanner@lists.mailscanner.info Subj: Re: Slow Batch Processing... Date: Mon, 20 Feb 2006 20:25:34 +0000 == ===================================================================== = = "A committee of one... gets things done." = = "It is always sunny in my life..." - Ajos1 = = "There will be a press feeding frenzy now - if anyone else has any = skeletons in their closets, they'll soon be out and dancing." = = Need help dealing with Parking Tickets, Bailiffs, Capita or NTL... = Call... +44 8457 90 90 90 http://www.samaritans.org/ ===================================================================== From shrek-m at gmx.de Mon Feb 20 21:21:51 2006 From: shrek-m at gmx.de (shrek-m@gmx.de) Date: Mon Feb 20 21:22:02 2006 Subject: OT: IMAP and POP3 In-Reply-To: <000a01c6365a$e21d10b0$0705000a@DDF5DW71> References: <43F6247E.2070502@evi-inc.com> <6.2.1.2.2.20060217123627.05dacab0@pop.mail.yahoo.com><001a01c6340a$be5533d0$0705000a@DDF5DW71><43F6D08E.5020609@netmagicsolutions.com><223f97700602180310v360f33d3n@mail.gmail.com> <1A700529-E731-45A0-99AB-E2BF4F4BE3FC@themarshalls.co.uk> <000a01c6365a$e21d10b0$0705000a@DDF5DW71> Message-ID: <43FA32EF.1070103@gmx.de> On 20.02.2006 21:18, Steve Campbell wrote: > The Dovecot website says shared folders aren't supported (although > this doesn't mean it won't work with shared folders). Are there any > tricks to making this happen? ------- http://wiki.dovecot.org/SharedFolders Dovecot 1.0-tests have support for certain types of shared folders. It's not yet possible for users themselves to share folders, but administrators can create them. [...] The only way to implement shared folders with Dovecot 0.99.x is to create a "shared userid" which all of the users log in to read mail. -------- dovecot-1.0x will be in fedora core 5 http://download.fedora.redhat.com/pub/fedora/linux/core/test/4.92/source/SRPMS/dovecot-1.0-0.beta2.4.1.src.rpm cyrus-imapd is in fedora http://download.fedora.redhat.com/pub/fedora/linux/extras/development/SRPMS/cyrus-imapd-2.2.12-6.fc4.src.rpm $ rpm -qi cyrus-imapd | grep URL URL : http://asg.web.cmu.edu/cyrus/imapd/ -- shrek-m From alex at nkpanama.com Mon Feb 20 21:37:36 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Mon Feb 20 21:37:48 2006 Subject: OT: IMAP and POP3 In-Reply-To: <43FA32EF.1070103@gmx.de> References: <43F6247E.2070502@evi-inc.com> <6.2.1.2.2.20060217123627.05dacab0@pop.mail.yahoo.com><001a01c6340a$be5533d0$0705000a@DDF5DW71><43F6D08E.5020609@netmagicsolutions.com><223f97700602180310v360f33d3n@mail.gmail.com> <1A700529-E731-45A0-99AB-E2BF4F4BE3FC@themarshalls.co.uk> <000a01c6365a$e21d10b0$0705000a@DDF5DW71> <43FA32EF.1070103@gmx.de> Message-ID: <43FA36A0.7050004@nkpanama.com> shrek-m@gmx.de escribi?: > > [...] > The only way to implement shared folders with Dovecot 0.99.x is to > create a "shared userid" which all of the users log in to read mail. I've used symlinks to create shared JUNK folders, and shared archive folders. No problems *yet*. From alex at nkpanama.com Mon Feb 20 21:39:20 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Mon Feb 20 21:39:25 2006 Subject: OT: IMAP and POP3 In-Reply-To: <000a01c6365a$e21d10b0$0705000a@DDF5DW71> References: <43F6247E.2070502@evi-inc.com> <6.2.1.2.2.20060217123627.05dacab0@pop.mail.yahoo.com><001a01c6340a$be5533d0$0705000a@DDF5DW71><43F6D08E.5020609@netmagicsolutions.com><223f97700602180310v360f33d3n@mail.gmail.com> <1A700529-E731-45A0-99AB-E2BF4F4BE3FC@themarshalls.co.uk> <000a01c6365a$e21d10b0$0705000a@DDF5DW71> Message-ID: <43FA3708.9080908@nkpanama.com> Steve Campbell escribi?: >> >> And indeed will do shared folders, auto removal of 'old' mail (Use >> that a lot for people who can never throw anything away :-) Deleted >> items are just that, as I tell my users. You get 7 days to change >> your mind!) , authenticate using LDAP, MySQL, amongst others and >> will even sort of cluster. I do auto removal using mbox-purge (google around for it). From alex at nkpanama.com Mon Feb 20 21:51:52 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Mon Feb 20 21:51:55 2006 Subject: Mail Archive In-Reply-To: <20060219142121.M40995@mail.dominionfirstmortgage.com> References: <43F77980.30603@ecs.soton.ac.uk> <43F7D7C5.9040501@nkpanama.com> <20060219142121.M40995@mail.dominionfirstmortgage.com> Message-ID: <43FA39F8.20505@nkpanama.com> Jim Csoka escribi?: > The way I do it is I created a user called bigbrother. I then have > Mailscanner archive mail to /var/mail/bigbrother. Then I simply set up the > account with outlook, or use openwebmail, and view the mail. Pretty easy. > > > > In fact, you could create procmail rules or a script that would make bigbrother's mail get separated into different folders for each user, so that it doesn't grow too much. From cstone at axint.net Mon Feb 20 22:55:58 2006 From: cstone at axint.net (Chris Stone) Date: Mon Feb 20 22:57:20 2006 Subject: Spamassassin cache oddity with message dispositions Message-ID: <200602201556.05459@cs.axint.net> Noticed in 4.50.15 with the SA cache usage enabled, that messages are being delivered regardless of the score settings. I use sendmail and split multi-recipient messages to individuals. Now with the SA caching, I am seeing messages delivered that should not. For example, I just saw this: mysql> select date,time,from_address,to_address,subject,sascore from maillog where from_address='alesialet@clujnapoca.ro'; +------------+----------+-------------------------+-----------------+-----------------+---------+ | date | time | from_address | to_address | subject | sascore | +------------+----------+-------------------------+-----------------+-----------------+---------+ | 2006-02-20 | 15:38:05 | alesialet@clujnapoca.ro | addr1@hms.com | Hope this helps | 14.35 | | 2006-02-20 | 15:38:05 | alesialet@clujnapoca.ro | addr2@hms.com | Hope this helps | 14.35 | | 2006-02-20 | 15:38:05 | alesialet@clujnapoca.ro | addr3@hms.com | Hope this helps | 14.35 | | 2006-02-20 | 15:38:05 | alesialet@clujnapoca.ro | addr4@hms.com | Hope this helps | 14.35 | | 2006-02-20 | 15:38:05 | alesialet@clujnapoca.ro | addr5@hms.com | Hope this helps | 14.35 | +------------+----------+-------------------------+-----------------+-----------------+---------+ Note that the default high spam score on the server is 8. The High Spam score for the messages to all but addr4@hms.com is set to 25. All these messages were tagged and delivered whereas all should have been delivered except for the one to addr4@hms.com. I saw this a couple of other times since upgrading to 4.50.15, but thought it a fluke, but now it's appearing that there is a problem in the way the messages are handled when they are hit on in the new SA cache. Anyone else seeing this behavior? Chris -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060220/44f0139a/attachment.bin From brent.addis at pronet.co.nz Tue Feb 21 00:03:33 2006 From: brent.addis at pronet.co.nz (Brent Addis) Date: Tue Feb 21 00:03:58 2006 Subject: [Fwd: Re: exim4 / mailscanner 4.50.15 spool issues] Message-ID: <43FA58D5.3050204@pronet.co.nz> Hi, I have built a new server from scratch, instralled 4.50 and am still getting this problem. Has anybody seen it at all? It seems totally random. only 6 out of every 1500 happens. All seem to be just text based messages with nothing odd. I would really like to be use 4.50 in production but that's a no go until this is sorted. -------- Original Message -------- Subject: Re: exim4 / mailscanner 4.50.15 spool issues Date: Fri, 17 Feb 2006 12:47:30 +1300 From: Brent Addis Reply-To: MailScanner discussion To: MailScanner discussion References: <43F2A61C.5080109@pronet.co.nz> Hello, I downgraded to 4.48.4 and the issue seems to have sorted itself. Are there any known issues with 4.50 that could cause these spool errors? Brent Addis wrote: > Hi, > > I seem to be getting a few spool issues with exim4 / mailscanner. > > We are currently only running a fairly small setup, processing roughly > 1500 messages a day. > > however, we get ocassional error such as: > > 2006-02-15 09:08:09 1F96Sn-0003Ot-8X Spool file 1F96Sn-0003Ot-8X-D not > found in our exim mainlog. > > I have exim using differing incoming/outgoing directories. > > It seems sort of random. Out of 1500 messages processes, it has > happened with 6. All at varying times, all from varying senders. > > None are spam nor viruses. > > MailScanner version 4.50.15 & Exim 4.50 > > > a MailScanner --lint finds no issues. > > Does anyone have any ideas? > > MailScanner -v below : > > Running on > Linux PROHOST113 2.6.14.3 #1 SMP Wed Dec 14 09:25:32 NZDT 2005 i686 > GNU/Linux > This is Perl version 5.008007 (5.8.7) > > This is MailScanner version 4.50.15 > Module versions are: > 1.00 AnyDBM_File > 1.14 Archive::Zip > 1.04 Carp > 1.119 Convert::BinHex > 1.00 DirHandle > 1.05 Fcntl > 2.73 File::Basename > 2.08 File::Copy > 2.01 FileHandle > 1.07 File::Path > 0.16 File::Temp > 1.32 HTML::Entities > 3.48 HTML::Parser > 2.35 HTML::TokeParser > 1.21 IO > 1.11 IO::File > 1.123 IO::Pipe > 1.71 Mail::Header > 3.05 MIME::Base64 > 5.419 MIME::Decoder > 5.419 MIME::Decoder::UU > 5.419 MIME::Head > 5.419 MIME::Parser > 3.03 MIME::QuotedPrint > 5.419 MIME::Tools > 0.10 Net::CIDR > 1.08 POSIX > 1.77 Socket > 0.06 Sys::Syslog > 1.86 Time::HiRes > 1.02 Time::localtime > > Optional module versions are: > 0.17 Convert::TNEF > 1.811 DB_File > 1.11 DBD::SQLite > 1.50 DBI > 1.10 Digest > 1.01 Digest::HMAC > 2.33 Digest::MD5 > 2.10 Digest::SHA1 > 0.44 Inline > missing Mail::ClamAV > 3.000003 Mail::SpamAssassin > 1.997 Mail::SPF::Query > 0.15 Net::CIDR::Lite > 0.48 Net::DNS > missing Net::LDAP > 1.94 Parse::RecDescent > missing SAVI > 1.2 Sys::Hostname::Long > 2.48 Test::Harness > 0.54 Test::Simple > 1.95 Text::Balanced > 1.35 URI > -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From listacct at tulsaconnect.com Tue Feb 21 00:31:02 2006 From: listacct at tulsaconnect.com (TCIS List Acct) Date: Tue Feb 21 00:31:06 2006 Subject: Slow Batch Processing... In-Reply-To: <43FA25BE.4080001@ecs.soton.ac.uk> References: <43FA0EC2.9080301@ecs.soton.ac.uk> <43FA1451.4090103@tulsaconnect.com> <43FA25BE.4080001@ecs.soton.ac.uk> Message-ID: <43FA5F46.8050500@tulsaconnect.com> Julian Field wrote: > In which case it has to be the new faster (mostly) message unpacking code. > If you look in /usr/lib/MailScanner/MailScanner/Message.pm, you will > find about line 1434 a line that looks like this: > if (MailScanner::Config::Value('mta') =~ /sendmail|exim|postfix/i) { > > Whichever MTA you are using, remove it from the above expression along > with its '|' separator. So if you are using sendmail, the line should > change to this: > if (MailScanner::Config::Value('mta') =~ /exim|postfix/i) { > If using Exim, change it to this: > if (MailScanner::Config::Value('mta') =~ /sendmail|postfix/i) { > If using Postfix, change it to this: > if (MailScanner::Config::Value('mta') =~ /sendmail|exim/i) { > > Then restart MailScanner and let me know if this solves the speed problem. Apparently it is not that code either -- I did as you asked and changed the line in Message.pm with no change in the behavior. The SA cache was disabled during the test as well -- after about an hour/hour and a half, the machine starts to run out of memory, starts to swap, and then spirals downhill from there. Switching the symlink for /opt/MailScanner back to 4.47.4 or 4.48.4 solves the problem. Also note that I see this same behavior in 4.49.7. -- ----------------------------------------- Mike Bacher / listacct@tulsaconnect.com TCIS - TulsaConnect Internet Services http://www.tulsaconnect.com ----------------------------------------- From lars+lister.mailscanner at adventuras.no Tue Feb 21 01:37:26 2006 From: lars+lister.mailscanner at adventuras.no (Lars Kristiansen) Date: Tue Feb 21 01:41:37 2006 Subject: OT: IMAP and POP3 In-Reply-To: <43FA32EF.1070103@gmx.de> References: <43F6247E.2070502@evi-inc.com> <6.2.1.2.2.20060217123627.05dacab0@pop.mail.yahoo.com><001a01c6340a$be5533d0$0705000a@DDF5DW71><43F6D08E.5020609@netmagicsolutions.com><223f97700602180310v360f33d3n@mail.gmail.com> <1A700529-E731-45A0-99AB-E2BF4F4BE3FC@themarshalls.co.uk> <000a01c6365a$e21d10b0$0705000a@DDF5DW71> <43FA32EF.1070103@gmx.de> Message-ID: <43FA6ED6.10806@adventuras.no> shrek-m@gmx.de skrev: > On 20.02.2006 21:18, Steve Campbell wrote: > >> The Dovecot website says shared folders aren't supported (although >> this doesn't mean it won't work with shared folders). Are there any >> tricks to making this happen? > > cyrus-imapd is in fedora > http://download.fedora.redhat.com/pub/fedora/linux/extras/development/SRPMS/cyrus-imapd-2.2.12-6.fc4.src.rpm > > > $ rpm -qi cyrus-imapd | grep URL > URL : http://asg.web.cmu.edu/cyrus/imapd/ > Also here you can find some very good up to date linux-rpm-packages of cyrus-imapd: http://invoca.ch/pub/packages/cyrus-imapd/ -- Regards from Lars From jon.bates at summitmotors.com.au Tue Feb 21 04:20:40 2006 From: jon.bates at summitmotors.com.au (Jon Bates) Date: Tue Feb 21 04:20:57 2006 Subject: MailScanner 'breaking' text file attachments Message-ID: <200602210420.k1L4KVt4030604@summitmotors.com.au> Skipped content of type multipart/alternative-------------- next part -------------- HN724MI7343 STK Y??????????C20022006 SUMMIT GLENDALE 359 LAKE RD GLENDALE NSW 22850053YNYNNN LN724MI7343 0001AW301550 12G01B 000003 LN724MI7343 0002AW311558 32E01 000002 LN724MI7343 0003AW313404 13A04 000036 LN724MI7343 0004AW321808 13B03 000010 LN724MI7343 0005AW340077 11C01A 000001 LN724MI7343 0006AW340573 13A03 000004 LN724MI7343 0007AW351775 10E02H 000002 LN724MI7343 0008AW351828 12F07 000024 LN724MI7343 0009AW351829 19A01 000003 LN724MI7343 0010MB253964 11A04E 000020 LN724MI7343 0011MB433774 33D01D 000001 LN724MI7343 0012MB547806 12G05D 000010 LN724MI7343 0013MB620532 12F03E 000001 LN724MI7343 0014MB879707 11A04H 000001 LN724MI7343 0015MD040514 11A01G 000005 LN724MI7343 0016MD050316 12G01E 000004 LN724MI7343 0017MD138069 11A04F 000004 LN724MI7343 0018MD182293 10D04A 000002 LN724MI7343 0019MD184901 10D02F 000002 LN724MI7343 0020MD199223 12F03B 000003 LN724MI7343 0021MD199282 33C02D 000003 LN724MI7343 0022MD303884 11A06B 000001 LN724MI7343 0023MD321352 10C05B 000004 LN724MI7343 0024MD340625 13B02 000005 LN724MI7343 0025MD352627 13B06 000050 LN724MI7343 0026MD356000 13B02 000010 LN724MI7343 0027MD614417 11A03A 000003 LN724MI7343 0028ME132525 13B04 000004 LN724MI7343 0029ME215002 13B05 000010 LN724MI7343 0030MR150767 11A03H 000004 LN724MI7343 0031MR200300 11A01F 000020 LN724MI7343 0032MR213365 11A03E 000002 LN724MI7343 0033MR252200 11D03 000004 LN724MI7343 0034MR318477 11B04 000002 LN724MI7343 0035MR502895 11A10E 000001 LN724MI7343 0036MR552951 13A02 000013 LN724MI7343 0037MR571473 14B05 000002 LN724MI7343 0038MR592811 10B02 000001 LN724MI7343 0039MR901762 11C04 000002 LN724MI7343 0040MR921357 30G05 000001 LN724MI7343 0041MR922647 30E05 000004 LN724MI7343 0042MR925801 31F02 000001 LN724MI7343 0043MR925945 13C04 000032 LN724MI7343 0044MR927546 31D02 000002 LN724MI7343 0045MR927767 31F03 000001 LN724MI7343 0046MR927769 30B03 000001 LN724MI7343 0047MR927772 30H06 000001 LN724MI7343 0048MR929983 30F02 000002 LN724MI7343 0049MR935275 32D07 000001 LN724MI7343 0050MR935277 32D09 000001 LN724MI7343 0051MS851187 14D03 000030 LN724MI7343 0052MS851357 14D04 000070 LN724MI7343 0053MS851361 14C04E 000020 -------------- next part -------------- HN724MI7343 STK Y??????????C20022006 SUMMIT GLENDALE 359 LAKE RD GLENDALE NSW 22850053YNYNNN LN724MI7343 0001AW301550 12G01B 000003 LN724MI7343 0002AW311558 32E01 000002 LN724MI7343 0003AW313404 13A04 000036 LN724MI7343 0004AW321808 13B03 000010 LN724MI7343 0005AW340077 11C01A 000001 LN724MI7343 0006AW340573 13A03 000004 LN724MI7343 0007AW351775 10E02H 000002 LN724MI7343 0008AW351828 12F07 000024 LN724MI7343 0009AW351829 19A01 000003 LN724MI7343 0010MB253964 11A04E 000020 LN724MI7343 0011MB433774 33D01D 000001 LN724MI7343 0012MB547806 12G05D 000010 LN724MI7343 0013MB620532 12F03E 000001 LN724MI7343 0014MB879707 11A04H 000001 LN724MI7343 0015MD040514 11A01G 000005 LN724MI7343 0016MD050316 12G01E 000004 LN724MI7343 0017MD138069 11A04F 000004 LN724MI7343 0018MD182293 10D04A 000002 LN724MI7343 0019MD184901 10D02F 000002 LN724MI7343 0020MD199223 12F03B 000003 LN724MI7343 0021MD199282 33C02D 000003 LN724MI7343 0022MD303884 11A06B 000001 LN724MI7343 0023MD321352 10C05B 000004 LN724MI7343 0024MD340625 13B02 000005 LN724MI7343 0025MD352627 13B06 000050 LN724MI7343 0026MD356000 13B02 000010 LN724MI7343 0027MD614417 11A03A 000003 LN724MI7343 0028ME132525 13B04 000004 LN724MI7343 0029ME215002 13B05 000010 LN724MI7343 0030MR150767 11A03H 000004 LN724MI7343 0031MR200300 11A01F 000020 LN724MI7343 0032MR213365 11A03E 000002 LN724MI7343 0033MR252200 11D03 000004 LN724MI7343 0034MR318477 11B04 000002 LN724MI7343 0035MR502895 11A10E 000001 LN724MI7343 0036MR552951 13A02 000013 LN724MI7343 0037MR571473 14B05 000002 LN724MI7343 0038MR592811 10B02 000001 LN724MI7343 0039MR901762 11C04 000002 LN724MI7343 0040MR921357 30G05 000001 LN724MI7343 0041MR922647 30E05 000004 LN724MI7343 0042MR925801 31F02 000001 LN724MI7343 0043MR925945 13C04 000032 LN724MI7343 0044MR927546 31D02 000002 LN724MI7343 0045MR927767 31F03 000001 LN724MI7343 0046MR927769 30B03 000001 LN724MI7343 0047MR927772 30H06 000001 LN724MI7343 0048MR929983 30F02 000002 LN724MI7343 0049MR935275 32D07 000001 LN724MI7343 0050MR935277 32D09 000001 LN724MI7343 0051MS851187 14D03 000030 LN724MI7343 0052MS851357 14D04 000070 LN724MI7343 0053MS851361 14C04E 000020 From jon.bates at summitmotors.com.au Tue Feb 21 04:35:25 2006 From: jon.bates at summitmotors.com.au (Jon Bates) Date: Tue Feb 21 04:35:29 2006 Subject: MailScanner 'breaking' text file attachments Message-ID: <200602210435.k1L4ZGt4031941@summitmotors.com.au> Hmm.. sorry about previous post... Something went awry there obviously. Original message: I'm having a problem whereby text files attached to an email are 'changed' when it goes through the mail server. It seems like line breaks are removed from the file during the content scanning process. I have done some testing, and found that setting "Dangerous Content Scanning = No" seems to fix the problem - So I've narrowed the issue down to this feature. Does anyone know of any reason why line breaks would be removed from text files at all? Thanks for your help. - Jon ----------- This message has been scanned for viruses and inappropriate content or attachments as deemed by Summit Investment Australia P/L and is believed to be clean. Although Summit Investment Australia has taken reasonable precautions to ensure no viruses are present in this email, the company cannot accept responsibility for any loss or damage arising from the use of this email or attachments. All messages scanned by MailScanner From Jan-Peter.Koopmann at seceidos.de Tue Feb 21 07:17:56 2006 From: Jan-Peter.Koopmann at seceidos.de (Koopmann, Jan-Peter) Date: Tue Feb 21 07:18:08 2006 Subject: FreeBSD port 4.50.15 onwards and sendmail Message-ID: Hi, as some kind people pointed out, the mta.sh start script in the latest FreeBSD ports were lacking three important lines for sendmail to work. I already changed the mta.sh script in the port revision 4.50.15_1 but somehow the change is not distributed via cvsup. Therefore, until the ports freeze is over and this is corrected please use something similar to this in rc.conf if you are using sendmail: mta_enable="YES" mta_type="sendmail" mta_profiles="incoming outgoing submitqueue" mta_incoming_flags="-L sm-mta-in -bd -OPrivacyOptions=noetrn -OQueueDirectory=/var/spool/mqueue.in -ODeliveryMode=queueonly" mta_incoming_pidfile="/var/run/sendmail_in.pid" mta_incoming_configfile="/etc/mail/sendmail.cf" mta_outgoing_flags="-L sm-mta-out -q15m" mta_outgoing_pidfile="/var/run/sendmail_out.pid" mta_outgoing_configfile="/etc/mail/sendmail.cf" mta_submitqueue_flags="-L sm-msp-queue -Ac -q15m" mta_submitqueue_pidfile="/var/spool/clientmqueue/sm-client.pid" mta_submitqueue_configfile="/etc/mail/submit.cf" Please note the _configfile lines which were missing. Sorry for the trouble. Kind regards, JP -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3104 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060221/782afc9c/smime.bin From Jan-Peter.Koopmann at seceidos.de Tue Feb 21 07:21:01 2006 From: Jan-Peter.Koopmann at seceidos.de (Koopmann, Jan-Peter) Date: Tue Feb 21 07:21:14 2006 Subject: [Fwd: Re: exim4 / mailscanner 4.50.15 spool issues] Message-ID: On Tuesday, February 21, 2006 1:04 AM Brent Addis wrote: > I have built a new server from scratch, instralled 4.50 and am still > getting this problem. Has anybody seen it at all? > > It seems totally random. only 6 out of every 1500 happens. All seem > to be just text based messages with nothing odd. > > I would really like to be use 4.50 in production but that's a no go > until this is sorted. First: I can confirm the problem. I am seeing the exact same thing. Julian. Something in 4.49 or 4.50 broke exim support a bit. Sometimes -H files are left in the incoming spool whereas the -D files are gone. Actually I have yet to debug if the message itself was delivered correctly. @Brent: Currently I do not think this is a showstopper. You can periodically run a small script deleting all -H files whithout corresponding -D files. Not nice but it works. Kind regards, JP -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3104 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060221/67899915/smime.bin From brent.addis at pronet.co.nz Tue Feb 21 07:29:11 2006 From: brent.addis at pronet.co.nz (Brent Addis) Date: Tue Feb 21 07:29:34 2006 Subject: [Fwd: Re: exim4 / mailscanner 4.50.15 spool issues] In-Reply-To: References: Message-ID: <43FAC147.3090001@pronet.co.nz> Koopmann, Jan-Peter wrote: > On Tuesday, February 21, 2006 1:04 AM Brent Addis wrote: > > >> I have built a new server from scratch, instralled 4.50 and am still >> getting this problem. Has anybody seen it at all? >> >> It seems totally random. only 6 out of every 1500 happens. All seem >> to be just text based messages with nothing odd. >> >> I would really like to be use 4.50 in production but that's a no go >> until this is sorted. >> > > First: I can confirm the problem. I am seeing the exact same thing. Julian. > Something in 4.49 or 4.50 broke exim support a bit. Sometimes -H files are > left in the incoming spool whereas the -D files are gone. Actually I have > yet to debug if the message itself was delivered correctly. > > @Brent: Currently I do not think this is a showstopper. You can periodically > run a small script deleting all -H files whithout corresponding -D files. > Not nice but it works. > I believe it is. the mail does not seem to arrive at the other end. I end up having to attach the original message to a new mail and send it. I have had to turn on quarantine all mail just for this reason. I am seeing it in the outgoing spool queue not the incoming > Kind regards, > JP > > -- Regards, Brent Addis Technical Account Manager Pronet Internet NZ LTD Mobile: 021 723 612 From rborland at medsch.uz.ac.zw Tue Feb 21 08:12:41 2006 From: rborland at medsch.uz.ac.zw (Rob Borland) Date: Tue Feb 21 08:11:08 2006 Subject: Error using --lint option Message-ID: <43FACB79.4020604@medsch.uz.ac.zw> MailScanner 4.50.15 is working fine with ClamAV and SpamAssassin, but I get the following error using the --lint option: # /usr/sbin/MailScanner --lint Cannot open config file --lint, No such file or directory at /usr/lib/MailScanner/MailScanner/Config.pm line 597. Compilation failed in require at /usr/sbin/MailScanner line 67. BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 67. Here are the version specs: # /usr/sbin/MailScanner -v Running on Linux mail.healthnet.org.zw 2.4.20-28.7 #1 Thu Dec 18 11:31:59 EST 2003 i686 unknown This is Red Hat Linux release 7.2 (Enigma) This is Perl version 5.006001 (5.6.1) This is MailScanner version 4.50.15 Module versions are: 1.16 Archive::Zip 1.119 Convert::BinHex 1.03 Fcntl 2.6 File::Basename 2.03 File::Copy 2.00 FileHandle 1.0404 File::Path 0.16 File::Temp 1.32 HTML::Entities 3.48 HTML::Parser 2.35 HTML::TokeParser 1.20 IO 1.08 IO::File 1.121 IO::Pipe 1.71 Mail::Header 3.05 MIME::Base64 5.419 MIME::Decoder 5.419 MIME::Decoder::UU 5.419 MIME::Head 5.419 MIME::Parser 3.03 MIME::QuotedPrint 5.419 MIME::Tools 0.11 Net::CIDR 1.03 POSIX 1.72 Socket 0.01 Sys::Syslog 1.86 Time::HiRes 1.01 Time::localtime Optional module versions are: 0.17 Convert::TNEF 1.814 DB_File 1.11 DBD::SQLite 1.50 DBI 1.13 Digest missing Digest::HMAC 2.33 Digest::MD5 2.10 Digest::SHA1 missing Inline missing Mail::ClamAV 3.001000 Mail::SpamAssassin missing Mail::SPF::Query missing Net::CIDR::Lite missing Net::DNS missing Net::LDAP missing Parse::RecDescent missing SAVI missing Sys::Hostname::Long 2.56 Test::Harness 0.62 Test::Simple missing Text::Balanced missing URI I'd appreciate advice. Regards, Rob From rob_27_preston at yahoo.co.uk Tue Feb 21 08:52:16 2006 From: rob_27_preston at yahoo.co.uk (Robert Davison) Date: Tue Feb 21 08:52:18 2006 Subject: spamassassinprefsfile Error In-Reply-To: <86144ED6CE5B004DA23E1EAC0B569B580B5DCC6F@isabella.herefordshire.gov.uk> Message-ID: <20060221085216.42252.qmail@web25001.mail.ukl.yahoo.com> The MailScanner.new file is indeed zero bytes long. If I delete the SpamAssassin Prefs File =/etc/MailScann...... line and run a --lint the output is.. Read 701 hostnames from the phishing whitelist Cannot write pid file , No such file or directory at /usr/sbin/MailScanner line 1238 Checking for SpamAssassin errors (if you use it)... Using SpamAssassin results cache Connected to SpamAssassin cache database SpamAssassin reported no errors. I'm guessing that MailScanner is still runing ok without this line. Whats the 'cannot write pid file' about ? "Randal, Phil" wrote: Copy your existing MailScanner.conf somewhere safe and then run upgrade_MailScanner_conf and follow the instructions it prints on screen. If the resultant MailScanner.conf is zero bytes long after doing that, something's awry, co copy back your original MailScanner.conf and edit it to delete the SpamAssassin Prefs File = /etc/MailScanner/spam.assassin.prefs.conf line. Then MailScanner --lint to see what errors it picks up. If OK, restart MailScanner in the normal manner. Cheers, Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK --------------------------------- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Robert Davison Sent: 20 February 2006 13:46 To: MailScanner discussion Subject: RE: spamassassinprefsfile Error what can I do now to fix this...can I run these scripts now ? "Randal, Phil" wrote: It's likely that after running upgrade_MailScanner_conf you forgot to mv -f MailScanner.conf MailScanner.old mv -f MailScanner.new MailScanner.conf The SpamAssassin Prefs File = /etc/MailScanner/spam.assassin.prefs.conf line in MailScanner.conf is now deprecated. Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK --------------------------------- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Robert Davison Sent: 20 February 2006 13:26 To: mailscanner@lists.mailscanner.info Subject: spamassassinprefsfile Error I'm getting the following error in my maillog....... Feb 20 12:04:26 as MailScanner[12190]: MailScanner E-Mail Virus Scanner version 4.50.15 starting... Feb 20 12:04:26 as MailScanner[12190]: Syntax error(s) in configuration file: Feb 20 12:04:26 as MailScanner[12190]: Unrecognised keyword "spamassassinprefsfile" at line 2078! Feb 20 12:04:26 as MailScanner[12190]: Aborting due to syntax errors in /etc/MailScanner/MailScanner.conf. Feb 20 12:04:28 as MailScanner[12190]: Enabling SpamAssassin auto-whitelist functionality... Feb 20 12:04:30 as MailScanner[12190]: Using locktype = flock Its the unrecognised keyword bit that confusing me as my line 2078 in my MailScanner.conf is.... SpamAssassin Prefs File = /etc/MailScanner/spam.assassin.prefs.conf Is this meaning that there is something worng with my spamassassin conf file ? and no MailScanner.c! onf as the error is reporting ? --------------------------------- Yahoo! Photos ? NEW, now offering a quality print service from just 8p a photo. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! --------------------------------- Yahoo! Messenger NEW - crystal clear PC to PC calling worldwide with voicemail -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! --------------------------------- Yahoo! Messenger NEW - crystal clear PC to PC calling worldwide with voicemail -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060221/cb76f369/attachment.html From MailScanner at ecs.soton.ac.uk Tue Feb 21 10:33:47 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Feb 21 10:34:06 2006 Subject: spamassassinprefsfile Error In-Reply-To: <20060221085216.42252.qmail@web25001.mail.ukl.yahoo.com> References: <20060221085216.42252.qmail@web25001.mail.ukl.yahoo.com> Message-ID: Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 487 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060221/7f74d0cf/PGP.bin From smf at f2s.com Tue Feb 21 11:03:55 2006 From: smf at f2s.com (Steve Freegard) Date: Tue Feb 21 11:02:13 2006 Subject: Error using --lint option In-Reply-To: <43FACB79.4020604@medsch.uz.ac.zw> References: <43FACB79.4020604@medsch.uz.ac.zw> Message-ID: <1140519835.8711.121.camel@localhost.localdomain> Hi Rob, On Tue, 2006-02-21 at 10:12 +0200, Rob Borland wrote: > MailScanner 4.50.15 is working fine with ClamAV and SpamAssassin, but I > get the following error using the --lint option: > > # /usr/sbin/MailScanner --lint > Cannot open config file --lint, No such file or directory at > /usr/lib/MailScanner/MailScanner/Config.pm line 597. > Compilation failed in require at /usr/sbin/MailScanner line 67. > BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 67. > Check for .rpmnew files in /usr/lib/MailScanner/MailScanner -- you'll probably find that you have a CustomConfig.pm.rpmnew file in there, merge in any changes from CustomConfig.pm, then rename CustomConfig.pm to .old and rename CustomConfig.pm.rpmnew to CustomConfig.pm and the --lint will work correctly. Cheers, Steve. From postmaster at nmc.abacus.com.my Tue Feb 21 11:37:26 2006 From: postmaster at nmc.abacus.com.my (Admin) Date: Tue Feb 21 11:43:15 2006 Subject: MailScanner, postfix and exchange server as a gateway Message-ID: <43FAFB76.8090708@nmc.abacus.com.my> Hi, Currently I am using MailScanner 4.50.15-1 with postfix as a gateway for my exchange server , its run on FC4, Is it better to change to sendmail or stick with postfix?. If so how can I accept mail only for valid Exchange users in sendmail. Thanks In Advance. From martinh at solid-state-logic.com Tue Feb 21 11:51:30 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Tue Feb 21 11:51:33 2006 Subject: MailScanner, postfix and exchange server as a gateway In-Reply-To: <43FAFB76.8090708@nmc.abacus.com.my> Message-ID: <000801c636dd$276f0f60$3004010a@martinhlaptop> For my view, better the devil you know...both are valid, as is exim or qmail. I presume you're already doing valid Exch users checks in PF? If not try this.. http://www-personal.umich.edu/~malth/gaptuning/postfix/ (its in the wiki!) For sendmail you'll need to configure milter-ahead, see this.. http://www.fsl.com/support/Milter-Ahead-Exchange-Settings.pdf -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Admin > Sent: 21 February 2006 11:37 > To: mailscanner@lists.mailscanner.info > Subject: MailScanner, postfix and exchange server as a gateway > > Hi, > > Currently I am using MailScanner 4.50.15-1 with postfix as a gateway for > my exchange server , its run on FC4, Is it better to change to sendmail > or stick with postfix?. If so how can I accept mail only for valid > Exchange users in sendmail. > > Thanks In Advance. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From Andrea.bazzanini at premiereglobal.it Tue Feb 21 12:56:19 2006 From: Andrea.bazzanini at premiereglobal.it (Andrea) Date: Tue Feb 21 11:52:41 2006 Subject: MailScanner, postfix and exchange server as a gateway In-Reply-To: <43FAFB76.8090708@nmc.abacus.com.my> References: <43FAFB76.8090708@nmc.abacus.com.my> Message-ID: <1140526579.5330.38.camel@digimon.xpedite.co.uk> It's easy with postfix filter users. Try setup into main.cf fils this keyworks relay_recipient_maps = hash:/etc/postfix/user create user file contains like this user@domain.it OK user1@domain.it OK [...] use postmap command for create user.db file and restart Mailscanner If user appear into user.db file, the emails are delivered to exchange server ..... > Hi, > > Currently I am using MailScanner 4.50.15-1 with postfix as a gateway for > my exchange server , its run on FC4, Is it better to change to sendmail > or stick with postfix?. If so how can I accept mail only for valid > Exchange users in sendmail. > > Thanks In Advance. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > --==> AndreA <==-- Technical Support Premiere Global Services Xpedite Systems Srl 20121 Milan, Italy Tel : +39 02 77 33 81 Fax : +39 02 36 04 97 52 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060221/f7e95952/attachment.html From rob at robhq.com Tue Feb 21 12:04:31 2006 From: rob at robhq.com (rob) Date: Tue Feb 21 11:58:39 2006 Subject: MailScanner, postfix and exchange server as a gateway In-Reply-To: <43FAFB76.8090708@nmc.abacus.com.my> References: <43FAFB76.8090708@nmc.abacus.com.my> Message-ID: <20060221120143.M13023@robhq.com> On Tue, 21 Feb 2006 19:37:26 +0800, Admin wrote > Hi, > > Currently I am using MailScanner 4.50.15-1 with postfix as a gateway for > my exchange server , its run on FC4, Is it better to change to sendmail > or stick with postfix?. If so how can I accept mail only for valid > Exchange users in sendmail. > > Thanks In Advance. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. We use MailScanner with sendmail in front of our exchange 2000 server and followed the instructions here to make only valid exchange users accept mail: http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/270.html There is also an article about how to setup sendmail to forward emails to an exchange server. It is on the site documentation. Rob -- Open WebMail Project (http://openwebmail.org) -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From drew at themarshalls.co.uk Tue Feb 21 12:50:31 2006 From: drew at themarshalls.co.uk (Drew Marshall) Date: Tue Feb 21 12:50:39 2006 Subject: MailScanner, postfix and exchange server as a gateway In-Reply-To: <43FAFB76.8090708@nmc.abacus.com.my> References: <43FAFB76.8090708@nmc.abacus.com.my> Message-ID: <65178.194.70.180.170.1140526231.squirrel@webmail.r-bit.net> On Tue, February 21, 2006 11:37, Admin wrote: > Hi, > > Currently I am using MailScanner 4.50.15-1 with postfix as a gateway for > my exchange server , its run on FC4, Is it better to change to sendmail > or stick with postfix?. If so how can I accept mail only for valid > Exchange users in sendmail. Being some what biased, why would you want to change? Postfix does everything that Sendmail does without re-compiling (Or, IMHO, without needing to understand a strange language for the config file :-) ). Seriously, there are loads of large sites using both MTAs in the same way as you are/ want to without any issues. Both will work well so, like OS's, it comes down to personal preferences. I would suggest that you use what you are familier with as you are less likely to **** it up and in doing so, at best fill your queues with Spam and worst case become a black listed open relay ;-) Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From DrewB at united-systems.com Tue Feb 21 13:15:39 2006 From: DrewB at united-systems.com (Drew Burchett) Date: Tue Feb 21 13:18:21 2006 Subject: MailScanner, postfix and exchange server as a gateway Message-ID: <1E75E79B854C814784D0E8C5BA55AF76B2D013@uss2k01.united-systems.local> I just got finished setting up MailScanner/postfix to forward mail to my Exchange server, but I used a bit of a different tactic than the one in the article. I have about 500 users, so I can't say how well this approach would scale, but I didn't see any performance hit when I implemented it. First, create a file called users.ldap. Doesn't matter where, or even the name. The contents will be as follows: server_host = my.ldap.server search_base = dc=my,dc=tld bind_dn = cn=LDAP Query,ou=users,dc=my,dc=tld bind_pw = secret domain = hash:/etc/postfix/db/mydestination query_filter = (&(|(mail=%s)(proxyAddresses=smtp:%s))(!(userAccountControl:1.2.840.1135 56.1.4.803:=2))) result_attribute = mail version = 3 If you aren't familiar with ldap, the file breaks down as follows: server_host is the name or IP address of your Active Directory server. search_base is the base DN of your Active Directory. bind_dn and bind_pw are an account and password that has permissions to search the Active Directory. Note that if you don't want to store a user password in a cleartext file, you can also enable anonymous lookups on the Active Directory. Personally, I'd rather take the chance on storing a password on a relatively secure machine. domain is an option that you can use or not. When I specified mydestination in my Postfix configuration, I pointed it to a hash database. This parameter points to the same hash database so that if a query comes through and it's not one of my valid domains, the query won't even be performed. I figure it saves a little on performance. The query_filter is how you specify what parameters to look up. In this config, I specified that if the mail account exists in either the mail attribute or the proxyAddresses attribute, then it's a valid account. After some further reading yesterday, I found that I could actually take the mail attribute out as Exchange stores all the addresses in proxyAddresses. The userAccountControl portion of the query is used to tell if an account is active or not. If you aren't familiar with LDAP query syntax, there's a lot of good information on the web about it. The result_attribute is what LDAP attribute to return. I returned the mail attribute, but for this particular query, it wouldn't matter as any response other than nothing would be considered a valid user. Version is set to 3 because AD uses LDAP v3. Once that file is created and in place, go into your Postfix config and set the following: Local_recipient_maps = ldap:/path/to/users.ldap Reload postfix and it will run the ldap query against every email that comes in. Again, this may cause a performance problem on a really large system, but it seems to work fine on mine. Drew Burchett United Systems & Software http://www.united-systems.com -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of rob Sent: Tuesday, February 21, 2006 6:05 AM To: MailScanner discussion Subject: Re: MailScanner, postfix and exchange server as a gateway On Tue, 21 Feb 2006 19:37:26 +0800, Admin wrote > Hi, > > Currently I am using MailScanner 4.50.15-1 with postfix as a gateway for > my exchange server , its run on FC4, Is it better to change to sendmail > or stick with postfix?. If so how can I accept mail only for valid > Exchange users in sendmail. > > Thanks In Advance. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. We use MailScanner with sendmail in front of our exchange 2000 server and followed the instructions here to make only valid exchange users accept mail: http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/270.html There is also an article about how to setup sendmail to forward emails to an exchange server. It is on the site documentation. Rob -- Open WebMail Project (http://openwebmail.org) -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. -- This message has been scanned for viruses and dangerous content by MailScanner and is believed to be clean. From smf at f2s.com Tue Feb 21 13:24:21 2006 From: smf at f2s.com (Steve Freegard) Date: Tue Feb 21 13:22:40 2006 Subject: MailScanner, postfix and exchange server as a gateway In-Reply-To: <000801c636dd$276f0f60$3004010a@martinhlaptop> References: <43FAFB76.8090708@nmc.abacus.com.my> <000801c636dd$276f0f60$3004010a@martinhlaptop> Message-ID: <1140528262.8711.125.camel@localhost.localdomain> On Tue, 2006-02-21 at 11:51 +0000, Martin Hepworth wrote: > For my view, better the devil you know...both are valid, as is exim or > qmail. Indeed - for Exim users - this: http://www.exim.org/mail-archives/exim-users/Week-of-Mon-20040816/msg00126.html might be a good alternative. > For sendmail you'll need to configure milter-ahead, see this.. > http://www.fsl.com/support/Milter-Ahead-Exchange-Settings.pdf Note that milter-ahead will only work correctly with Exchange 2003 as it's the only version of Exchange that can be configured to actually *reject* invalid users. Otherwise you have to fall back on the Postfix-style method and create a valid user list. Cheers, Steve. From nauman at worldcall.net.pk Tue Feb 21 13:40:04 2006 From: nauman at worldcall.net.pk (Nauman Habib) Date: Tue Feb 21 13:39:09 2006 Subject: install-Clam-SA.tar.gz -SPAM ASSASSIN HELP Message-ID: <009a01c636ec$52aae0f0$23c051cb@nocict> HI I Have Just Built A Mail Server Using Latest SENDMAIL on FC2 Machine. I have Used Latest MAIL SCANNER and I m also Using install-Clam-SA.tar.gz ( CLAM & SA ) package. I want to know - In this Package of Spam Assassin Where is the Spam Assassin RULEZ? It is capturing some of the Spam, but leaves still a lot. I want to know where the Rules which can be Modifies according to my Personal Needs are. If you can possible attach some Good Strict Rules as Example, it will be nice. Thanking in Advance. Thanks and regards, M.Nauman Habib Network Engineer ICT Department WorldCALL Multimedia Pvt Ltd 16-S Gulberg II Lahore, Pakistan Off: 92 (42) 5877051-55 Cell : 0321-4311830 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060221/6dbb05a4/attachment.html From rborland at medsch.uz.ac.zw Tue Feb 21 13:52:05 2006 From: rborland at medsch.uz.ac.zw (Rob Borland) Date: Tue Feb 21 13:58:18 2006 Subject: Error using --lint option In-Reply-To: <43FB1A4E.4050704@medsch.uz.ac.zw> References: <43FB1A4E.4050704@medsch.uz.ac.zw> Message-ID: <43FB1B05.1030504@medsch.uz.ac.zw> > >> MailScanner 4.50.15 is working fine with ClamAV and SpamAssassin, but I > >> get the following error using the --lint option: > >> > >> # /usr/sbin/MailScanner --lint > >> Cannot open config file --lint, No such file or directory at > >> /usr/lib/MailScanner/MailScanner/Config.pm line 597. > >> Compilation failed in require at /usr/sbin/MailScanner line 67. > >> BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 67. > >> > > > Check for .rpmnew files in /usr/lib/MailScanner/MailScanner -- you'll > probably find that you have a CustomConfig.pm.rpmnew file in there, > merge in any changes from CustomConfig.pm, then rename CustomConfig.pm > to .old and rename CustomConfig.pm.rpmnew to CustomConfig.pm and the > --lint will work correctly. > > Cheers, > Steve. That was it. Thanks for the advice. Regards, Rob From JBrault at scotforge.com Tue Feb 21 14:20:17 2006 From: JBrault at scotforge.com (Jason Brault) Date: Tue Feb 21 14:20:23 2006 Subject: Spam Assassin Not Running Message-ID: Greetings All, For some reason, my Spam Assassin isn't running, and I can't figure out why. I can manually execute it, run it in debug mode, I can even train bayes. However when my messages come in, and they're picked up as spam they don't have the SA score attached to them, nor are there the descriptions of what triggered the SA score. All of the config files look good, and like I said since I can manually execute SA, I have no clue whats wrong. Mail Scanner is also configed to run Spam Assassin. Anyone have any thoughts? I need a new direction to look. Thanks, -Jason --------------- Jason Brault Communications Administrator - Scot Forge Company 8001 Winn Rd., Spring Grove, IL. 60081 Phone: (815) 675-4247 Fax: (815) 675-4129 Email: jbrault@scotforge.com -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060221/6890b7c0/attachment.html From shrek-m at gmx.de Tue Feb 21 14:32:37 2006 From: shrek-m at gmx.de (shrek-m@gmx.de) Date: Tue Feb 21 14:32:45 2006 Subject: Spam Assassin Not Running In-Reply-To: References: Message-ID: <43FB2485.6030609@gmx.de> On 21.02.2006 15:20, Jason Brault wrote: > However when my messages come in, and they?re picked up as spam they > don?t have the SA score attached to them, nor are there the > descriptions of what triggered the SA score. > ---- MailScanner.conf ---- # Do you want the full spam report, or just a simple "spam / not spam" report? Detailed Spam Report = yes # Do you want to include the numerical scores in the detailed SpamAssassin # report, or just list the names of the scores Include Scores In SpamAssassin Report = yes # Do you want to always include the Spam Report in the SpamCheck # header, even if the message wasn't spam? # This can also be the filename of a ruleset. Always Include SpamAssassin Report = no ----/---- -- shrek-m From JBrault at scotforge.com Tue Feb 21 15:05:41 2006 From: JBrault at scotforge.com (Jason Brault) Date: Tue Feb 21 15:05:46 2006 Subject: Spam Assassin Not Running Message-ID: AH HA! Thank you so much! I had been starring at it too long to realize what I was overlooking. Much appreciated! -Jason --------------- Jason Brault Communications Administrator - Scot Forge Company 8001 Winn Rd., Spring Grove, IL. 60081 Phone: (815) 675-4247 Fax: (815) 675-4129 Email: jbrault@scotforge.com -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of shrek-m@gmx.de Sent: Tuesday, February 21, 2006 8:33 AM To: MailScanner discussion Subject: Re: Spam Assassin Not Running On 21.02.2006 15:20, Jason Brault wrote: > However when my messages come in, and they're picked up as spam they > don't have the SA score attached to them, nor are there the > descriptions of what triggered the SA score. > ---- MailScanner.conf ---- # Do you want the full spam report, or just a simple "spam / not spam" report? Detailed Spam Report = yes # Do you want to include the numerical scores in the detailed SpamAssassin # report, or just list the names of the scores Include Scores In SpamAssassin Report = yes # Do you want to always include the Spam Report in the SpamCheck # header, even if the message wasn't spam? # This can also be the filename of a ruleset. Always Include SpamAssassin Report = no ----/---- -- shrek-m -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From shuttlebox at gmail.com Tue Feb 21 16:20:59 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Tue Feb 21 16:21:14 2006 Subject: install-Clam-SA.tar.gz -SPAM ASSASSIN HELP In-Reply-To: <009a01c636ec$52aae0f0$23c051cb@nocict> References: <009a01c636ec$52aae0f0$23c051cb@nocict> Message-ID: <625385e30602210820q78673308w4dc359f51b5b0c51@mail.gmail.com> On 2/21/06, Nauman Habib wrote: > > HI > > > I Have Just Built A Mail Server Using Latest SENDMAIL on FC2 Machine. > > I have Used Latest MAIL SCANNER and I m also Using install-Clam-SA.tar.gz( CLAM & SA ) package. > > I want to know - In this Package of Spam Assassin Where is the Spam > Assassin RULEZ? > > It is capturing some of the Spam, but leaves still a lot. > > I want to know where the Rules which can be Modifies according to my > Personal Needs are. > > If you can possible attach some Good Strict Rules as Example, it will be > nice. > Find out the exact package name by: # rpm -qa | grep -i spam Then list the files in it: # rpm -ql name-of-spamassassin-package My guess is /usr/share/spamassassin but you should never modify the original rules since they will be overwritten when you upgrade. Change scores, add rules and so on in /etc/mail/spamassassin. -- /peter -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060221/48c67957/attachment.html From dmehler26 at woh.rr.com Tue Feb 21 18:09:13 2006 From: dmehler26 at woh.rr.com (Dave) Date: Tue Feb 21 18:18:23 2006 Subject: reject message for single address References: <009a01c636ec$52aae0f0$23c051cb@nocict> Message-ID: <001501c63711$ebee9110$0200a8c0@satellite> Hello, I've got a situation where an email address for a domain which was previously monitored now needs to send back an autoreply message and something more than a one-liner to anyone who emails it asking for support. I looked in to sendmail's access controls, but think the MailScanner reject message option would be better. Can i make reject message work only for a single address or group of addresses and to send back a message contained within a file? Thanks. Dave. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060221/ff2ed38f/attachment.html From jwilliams at courtesymortgage.com Tue Feb 21 18:25:06 2006 From: jwilliams at courtesymortgage.com (Jason Williams) Date: Tue Feb 21 18:24:14 2006 Subject: MailScanner, postfix and exchange server as a gateway Message-ID: <01BCE961CD5E4146B83F920FC6A4F2351F6FAB@cmexchange01.CourtesyMortgage.local> I'll share my experiences here. The first time I rolled out Mailscanner, I used Sendmail. Sendmail worked and did its job and I was happy for the most part. However, in December, I wanted to use Postfix, for a variety of reasons. So I updated our setup and used Postfix. With that, I an say this: Postfix is just awesome. It just flat out rocks and I have the utmost confidence in Postfix. It is extremely customizable and I have noticed a considerable difference in my ability to reject SPAM just at the MTA level. With just a real simple setup of postfix, you can tell postfix do reject incoming connections that don't do proper HELO checks (not sure if you can in sendmail...maybe, but not sure). It was so simple to setup in Postfix. Just add the entry in main.cf, reload and your golden. Sendmail is also a good MTA. I am just loving Postfix right now. Customizable, secure, fast and reliable. Anyway, just my two cents. Jason -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Admin Sent: Tuesday, February 21, 2006 3:37 AM To: mailscanner@lists.mailscanner.info Subject: MailScanner, postfix and exchange server as a gateway Hi, Currently I am using MailScanner 4.50.15-1 with postfix as a gateway for my exchange server , its run on FC4, Is it better to change to sendmail or stick with postfix?. If so how can I accept mail only for valid Exchange users in sendmail. Thanks In Advance. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mikej at rogers.com Tue Feb 21 19:02:50 2006 From: mikej at rogers.com (Mike Jakubik) Date: Tue Feb 21 19:02:46 2006 Subject: MailScanner, postfix and exchange server as a gateway In-Reply-To: <65178.194.70.180.170.1140526231.squirrel@webmail.r-bit.net> References: <43FAFB76.8090708@nmc.abacus.com.my> <65178.194.70.180.170.1140526231.squirrel@webmail.r-bit.net> Message-ID: <43FB63DA.5070901@rogers.com> Drew Marshall wrote: > On Tue, February 21, 2006 11:37, Admin wrote: > >> Hi, >> >> Currently I am using MailScanner 4.50.15-1 with postfix as a gateway for >> my exchange server , its run on FC4, Is it better to change to sendmail >> or stick with postfix?. If so how can I accept mail only for valid >> Exchange users in sendmail. >> > > Being some what biased, why would you want to change? Postfix does > everything that Sendmail does without re-compiling (Or, IMHO, without > needing to understand a strange language for the config file :-) ). > Also, postfix has a much much better security record than sendmail. From MailScanner at ecs.soton.ac.uk Tue Feb 21 19:53:39 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Feb 21 19:53:46 2006 Subject: reject message for single address In-Reply-To: <001501c63711$ebee9110$0200a8c0@satellite> References: <009a01c636ec$52aae0f0$23c051cb@nocict> <001501c63711$ebee9110$0200a8c0@satellite> Message-ID: <43FB6FC3.4010502@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Please read up about rulesets, this will let you do exactly what you want. They are well documented in all the different sources of documentation. That includes the book, which I am sure you will find very useful. Dave wrote: > Hello, > I've got a situation where an email address for a domain which was > previously monitored now needs to send back an autoreply message and > something more than a one-liner to anyone who emails it asking for > support. I looked in to sendmail's access controls, but think the > MailScanner reject message option would be better. Can i make reject > message work only for a single address or group of addresses and to > send back a message contained within a file? > Thanks. > Dave. > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQA/AwUBQ/tvxBH2WUcUFbZUEQJg7ACg0H46Rab6FyGz0PmbDQmOLe81XqYAnRun g851AtgSQxNAg27xGyHHQBP0 =9GU0 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Tue Feb 21 20:16:02 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Feb 21 20:16:07 2006 Subject: Beta 4.51.1: "Add TNEF Contents" Message-ID: <43FB7502.5000003@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have added a new option to allow the attachments contained within a Microsoft TNEF ("Outlook Rich Text Format") to be added to the normal attachments contained in the message. This means that non-Outlook users can still read the attachments put in the message by badly configured Outlook or Exchange systems. Please can you give this option a try. It is switched on by default. Thanks folks. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQA/AwUBQ/t1AxH2WUcUFbZUEQI+SQCgzpVZIgJgp64WzHnTPllsjMdY058AnAnn alpDU/hTaqcrqty4IJAr4XwE =98rO -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From jstork at pbco.ca Tue Feb 21 22:33:50 2006 From: jstork at pbco.ca (Johnny Stork) Date: Tue Feb 21 22:35:37 2006 Subject: Mailscanner/Sendmail Relaying has stopped!! Message-ID: <17574958.1140561230211.JavaMail.root@pbco-server3.pbco.ca> Well I dont know what happened today but here is my setup. gateway machine (running MailScanner on RHES4) which accepts all mail for the domain mydomain.ca This machine is out on the DMZ and so sendmail has a routing table entry to send all mail for our domain, back into an internal Scalix Mail server. Below is a "normal" maillog entry when it was working. You can see the mail getting relayed correctly to the internal mail server, penguin.mydomain.ca. Feb 19 04:23:15 gateway sendmail[23338]: k1JCN1uL020946: to=, delay=00:00:13, xdelay=00:00:00, mailer=esmtp, pri=177672, relay=penguin.mydomain.ca. [192.168.1.3], dsn=2.0.0, stat=Sent (Ok) But now, for some reason, MailScanner/Sendmail is not relaying the mail it receives, back into the primary mail server, penguin.mydomain.ca? Instead it is trying to send it back out to itself basically Feb 21 14:20:06 gateway sendmail[11683]: k1LMHrqI011613: to=, delay=00:02:12, xdelay=00:02:00, mailer=esmtp, pri=177260, relay=smtp. mydomain.ca [207.216.243.61], dsn=4.0.0, stat=Deferred: Connection timed out with smtp.mydomain.ca. All my mail is piling up in the sendmail que. Any suggestions??? I am in panic mode_______________________________ Johnny Stork Information & Technology Manager Provincial Blood Coordinating Office 604-806-8840 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060221/a21381cb/attachment.html From doc at maddoc.net Tue Feb 21 22:50:41 2006 From: doc at maddoc.net (Doc Schneider) Date: Tue Feb 21 22:50:44 2006 Subject: Mailscanner/Sendmail Relaying has stopped!! In-Reply-To: <17574958.1140561230211.JavaMail.root@pbco-server3.pbco.ca> References: <17574958.1140561230211.JavaMail.root@pbco-server3.pbco.ca> Message-ID: <43FB9941.80002@maddoc.net> Johnny Stork wrote: > Well I dont know what happened today but here is my setup. > > gateway machine (running MailScanner on RHES4) which accepts all mail > for the domain mydomain.ca > > This machine is out on the DMZ and so sendmail has a routing table entry > to send all mail for our domain, back into an internal Scalix Mail > server. Below is a "normal" maillog entry when it was working. You can > see the mail getting relayed correctly to the internal mail server, > penguin.mydomain.ca. > > > Feb 19 04:23:15 gateway sendmail[23338]: k1JCN1uL020946: > to=, delay=00:00:13, xdelay=00:00:00, mailer=esmtp, > pri=177672, relay=penguin.mydomain.ca. [192.168.1.3], dsn=2.0.0, > stat=Sent (Ok) > > But now, for some reason, MailScanner/Sendmail is not relaying the mail > it receives, back into the primary mail server, penguin.mydomain.ca? > Instead it is trying to send it back out to itself basically > > > Feb 21 14:20:06 gateway sendmail[11683]: k1LMHrqI011613: > to=, delay=00:02:12, xdelay=00:02:00, mailer=esmtp, > pri=177260, relay=smtp. mydomain.ca [207.216.243.61], dsn=4.0.0, > stat=Deferred: Connection timed out with smtp.mydomain.ca. > > All my mail is piling up in the sendmail que. Any suggestions??? I am in > panic mode > _______________________________ > Johnny Stork > Information & Technology Manager > Provincial Blood Coordinating Office > 604-806-8840 > I'd check and maybe even restart your mailer on your internal network. Appears to me that it has dropped out for whatever reason. -- -Doc Lincoln, NE. From taz at taz-mania.com Tue Feb 21 23:02:08 2006 From: taz at taz-mania.com (Dennis Willson) Date: Tue Feb 21 23:02:13 2006 Subject: Mailscanner/Sendmail Relaying has stopped!! In-Reply-To: <17574958.1140561230211.JavaMail.root@pbco-server3.pbco.ca> References: <17574958.1140561230211.JavaMail.root@pbco-server3.pbco.ca> Message-ID: <43FB9BF0.4070704@taz-mania.com> Have there by any chance been any firewall changes? Johnny Stork wrote: > Well I dont know what happened today but here is my setup. > > gateway machine (running MailScanner on RHES4) which accepts all mail > for the domain mydomain.ca > > This machine is out on the DMZ and so sendmail has a routing table > entry to send all mail for our domain, back into an internal Scalix > Mail server. Below is a "normal" maillog entry when it was working. > You can see the mail getting relayed correctly to the internal mail > server, penguin.mydomain.ca. > > > Feb 19 04:23:15 gateway sendmail[23338]: k1JCN1uL020946: > to=, delay=00:00:13, xdelay=00:00:00, mailer=esmtp, > pri=177672, relay=penguin.mydomain.ca. [192.168.1.3], dsn=2.0.0, > stat=Sent (Ok) > > But now, for some reason, MailScanner/Sendmail is not relaying the > mail it receives, back into the primary mail server, > penguin.mydomain.ca? Instead it is trying to send it back out to > itself basically > > > Feb 21 14:20:06 gateway sendmail[11683]: k1LMHrqI011613: > to=, delay=00:02:12, xdelay=00:02:00, mailer=esmtp, > pri=177260, relay=smtp. mydomain.ca [207.216.243.61], dsn=4.0.0, > stat=Deferred: Connection timed out with smtp.mydomain.ca. > > All my mail is piling up in the sendmail que. Any suggestions??? I am > in panic mode > _______________________________ > Johnny Stork > Information & Technology Manager > Provincial Blood Coordinating Office > 604-806-8840 From jeff at image-src.com Tue Feb 21 23:16:20 2006 From: jeff at image-src.com (Jeff Graves) Date: Tue Feb 21 23:16:27 2006 Subject: OT: Sorbs DNSBL Message-ID: <000c01c6373c$d2eada90$5a0a10ac@bellingham.imagesrc.com> We're checking against sorbs dnsbl among others and I've noticed that anytime we have a problem with mail getting through it's because sorbs had it listed and when I turn sorbs off, the majority of spam that gets through are from servers listed on sorbs. The problem is that it blocks A LOT of legitimate domains (like hotmail, gmail, comcast, etc). I was just wondering what others' experiences with it were? Should I keep using it and add the hotmail, gmail, comcast, etc. IP's to my access db (could be thousands) or is sorbs not worth it? -- Jeff Graves, MCSA Image Source, Inc. 10 Mill Street Bellingham, MA 02019 508.966.5200 x31 - Phone 508.966.5170 - Fax jeff@image-src.com - Email www.image-src.com From Edge at twu.ca Wed Feb 22 00:08:39 2006 From: Edge at twu.ca (Richard Edge) Date: Wed Feb 22 00:11:02 2006 Subject: MailScanner, postfix and exchange server as a gateway Message-ID: I run the same setup here. I run a perl script I found called getadsmtp.pl (Google it) once a day and use the Postfix 'relay_recipient_maps' directive as follows: relay_recipient_maps = hash:/etc/postfix/twu_recipients.map Just modify getadsmtp.pl for your environment and you're good to go. It makes quite a difference here. From 35,000+ messages per day to 16,000+. Richard Edge Senior Systems Administrator | Technology Services Trinity Western University | t: 604.513.2089 f: 604.513.2038 | e: edge twu.ca| www.twu.ca/technology -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Admin Sent: Tuesday, February 21, 2006 3:37 AM To: mailscanner@lists.mailscanner.info Subject: MailScanner, postfix and exchange server as a gateway Hi, Currently I am using MailScanner 4.50.15-1 with postfix as a gateway for my exchange server , its run on FC4, Is it better to change to sendmail or stick with postfix?. If so how can I accept mail only for valid Exchange users in sendmail. Thanks In Advance. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From alex at nkpanama.com Wed Feb 22 01:49:13 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Wed Feb 22 01:49:22 2006 Subject: reject message for single address In-Reply-To: <43FB6FC3.4010502@ecs.soton.ac.uk> References: <009a01c636ec$52aae0f0$23c051cb@nocict> <001501c63711$ebee9110$0200a8c0@satellite> <43FB6FC3.4010502@ecs.soton.ac.uk> Message-ID: <43FBC319.3020609@nkpanama.com> And read up about using autoreply's. You can quickly become an NDR joe-job victim/unsuspecting attacker, and wind up on blacklists. You've been warned. ;) Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Please read up about rulesets, this will let you do exactly what you > want. They are well documented in all the different sources of > documentation. That includes the book, which I am sure you will find > very useful. > > Dave wrote: > >> Hello, >> I've got a situation where an email address for a domain which was >> previously monitored now needs to send back an autoreply message and >> something more than a one-liner to anyone who emails it asking for >> support. I looked in to sendmail's access controls, but think the >> MailScanner reject message option would be better. Can i make reject >> message work only for a single address or group of addresses and to >> send back a message contained within a file? >> Thanks. >> Dave. >> >> > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.5 (Build 5050) > > iQA/AwUBQ/tvxBH2WUcUFbZUEQJg7ACg0H46Rab6FyGz0PmbDQmOLe81XqYAnRun > g851AtgSQxNAg27xGyHHQBP0 > =9GU0 > -----END PGP SIGNATURE----- > > -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060221/63108747/attachment.html From alex at nkpanama.com Wed Feb 22 01:52:53 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Wed Feb 22 01:52:59 2006 Subject: Beta 4.51.1: "Add TNEF Contents" In-Reply-To: <43FB7502.5000003@ecs.soton.ac.uk> References: <43FB7502.5000003@ecs.soton.ac.uk> Message-ID: <43FBC3F5.1020902@nkpanama.com> YAY Julian! I've got a braindead sysadmin down in Panama who, besides enabling every possible way to annoy people (like sending replies to address-forging viruses), has *every* user in a 200+ user company set to use RTF. Everybody's complained to him (all across the country) that they can't get the attachments his users send. This would let my users be the *only* ones that can receive them. I'll definitely put more pressure on my users to go ahead and buy the book - and if those that have old copies, to buy them again! ;) Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > I have added a new option to allow the attachments contained within a > Microsoft TNEF ("Outlook Rich Text Format") to be added to the normal > attachments contained in the message. > > This means that non-Outlook users can still read the attachments put in > the message by badly configured Outlook or Exchange systems. > > Please can you give this option a try. It is switched on by default. > > Thanks folks. > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.5 (Build 5050) > > iQA/AwUBQ/t1AxH2WUcUFbZUEQI+SQCgzpVZIgJgp64WzHnTPllsjMdY058AnAnn > alpDU/hTaqcrqty4IJAr4XwE > =98rO > -----END PGP SIGNATURE----- > > -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ From ecj at telpacific.com.au Wed Feb 22 02:11:39 2006 From: ecj at telpacific.com.au (ecj@telpacific.com.au) Date: Wed Feb 22 02:12:18 2006 Subject: redirecting Message-ID: <2734.203.88.231.77.1140574299.squirrel@203.88.231.77> Hello all. It's my first post. I haven't read all the docs on MailScanner yet because I want to make sure that what I am planning to do is possible. I've just been on this job for almost a month and I was assigned this project. What my boss wants is to redirect all spam mails intended for a select list of users' 'junk folder.' Much the same way as Yahoo and Hotmail. Can this be done thru MailScanner? Sorry again. I just need a quick answer before I delve into the mailing list archives and documentations. Thank you. From mailscanner at PDSCC.COM Wed Feb 22 05:50:11 2006 From: mailscanner at PDSCC.COM (Harondel J. Sibble) Date: Wed Feb 22 05:50:17 2006 Subject: suggestions for archiving and access to the archive Message-ID: <200602251715.JAA10639@sheridan.sibble.net> Somewhat off topic... Okay, using MS, I normally archive all in/out going email to a subfolder of /var/spool/MailScanner/archive using mbox format, however being able to read the archive or extract messages from it is a hassle, especially once the archive gets to say 3 or 4gb. Normally we try not to let it get that big, however depending on the number of mails that go through daily, it could easily get there quickly. We archive weekly to dvd, and zero the archive file. So using mbox, it makes it easy to backup the archive but a hassle to read the archive or resend email from the archive, not to mention the memory use when loading large mbox files. Now, I know going with maildir, it would be easy to view the archive, especially over imap, but archiving it to dvd seems like it would be a bit more complicated, especially since many times viewing the archive is done away from the Mailscanner machine and usually on an MS Windows machine. We've found that using Thunderbird allows viewing the archive file "offline", again however dealing with large archive files is a pain. I had hoped MailWatch would allow access to the archive, but no such luck. Another option would be to use hypermail and extract the archives contents into an html directory structure and accessible via apache So how are other people handling this kind of issue? My setup - Centos 4.2 - mailscanner and mailwatch - dovecot (imaps only) My requirements 1) fast access to the live/online archive, could be up to several gb's in size 2) ability to easily archive the archive file(s) to dvd to allow viewing on a windows machine 3) ability to easily empty/reset the archive file(s) on a set schedule, say once a week after they've been written to dvd -- Harondel J. Sibble Sibble Computer Consulting Creating solutions for the small business and home computer user. help@pdscc.com (use pgp keyid 0x3AD5C11D) http://www.pdscc.com (604) 739-3709 (voice/fax) (604) 686-2253 (pager) From dmehler26 at woh.rr.com Wed Feb 22 08:02:27 2006 From: dmehler26 at woh.rr.com (Dave) Date: Wed Feb 22 08:11:45 2006 Subject: reject message for single address References: <009a01c636ec$52aae0f0$23c051cb@nocict> <001501c63711$ebee9110$0200a8c0@satellite> <43FB6FC3.4010502@ecs.soton.ac.uk> Message-ID: <014f01c63786$53199a50$0200a8c0@satellite> Hello, My question on rulesets is i am uncertain as to how to point to a file? The information i want to send back is much longer than a single line. So it would be a ruleset like: to: support@domain.com filename which i'm hoping would send the file. I've googled but don't see a method for invoking a file. Thanks. Dave. ----- Original Message ----- From: "Julian Field" To: "MailScanner discussion" Sent: Tuesday, February 21, 2006 2:53 PM Subject: Re: reject message for single address > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Please read up about rulesets, this will let you do exactly what you > want. They are well documented in all the different sources of > documentation. That includes the book, which I am sure you will find > very useful. > > Dave wrote: >> Hello, >> I've got a situation where an email address for a domain which was >> previously monitored now needs to send back an autoreply message and >> something more than a one-liner to anyone who emails it asking for >> support. I looked in to sendmail's access controls, but think the >> MailScanner reject message option would be better. Can i make reject >> message work only for a single address or group of addresses and to >> send back a message contained within a file? >> Thanks. >> Dave. >> > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.5 (Build 5050) > > iQA/AwUBQ/tvxBH2WUcUFbZUEQJg7ACg0H46Rab6FyGz0PmbDQmOLe81XqYAnRun > g851AtgSQxNAg27xGyHHQBP0 > =9GU0 > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From ram at netcore.co.in Wed Feb 22 08:20:15 2006 From: ram at netcore.co.in (Ramprasad) Date: Wed Feb 22 08:20:15 2006 Subject: Skipping spamchecks for smtpauth mails Message-ID: <1140596415.24252.21.camel@darkstar.netcore.co.in> Hi, I am using Mailscanner + postfix on our server which is used for smtp by some internal users too. These users use smtp authentication and send mails to any domain. How do I skip spamchecks for mails sent after smtp authentication Thanks Ram From scs at uwb.edu.pl Wed Feb 22 08:25:43 2006 From: scs at uwb.edu.pl (=?utf-8?Q?Grzegorz_Stale=C5=84czyk?=) Date: Wed Feb 22 08:25:32 2006 Subject: test list Message-ID: <804246157.20060222092543@uwb.edu.pl> Please ignore me, it's test. -- DZIAL SYSTEMOW KOMPUTEROWYCH I SIECI TELEINFORMATYCZNYCH Uniwersytet w Bialymstoku mgr in?. Grzegorz Stalenczyk e-mail: scs@uwb.edu.pl tel. (085) 745 70 95 From shuttlebox at gmail.com Wed Feb 22 09:07:53 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Wed Feb 22 09:07:57 2006 Subject: redirecting In-Reply-To: <2734.203.88.231.77.1140574299.squirrel@203.88.231.77> References: <2734.203.88.231.77.1140574299.squirrel@203.88.231.77> Message-ID: <625385e30602220107u5c6d5a9aj91c846de9a84e86c@mail.gmail.com> On 2/22/06, ecj@telpacific.com.au wrote: > > Hello all. It's my first post. > I haven't read all the docs on MailScanner yet because I want to make sure > that what I am planning to do is possible. I've just been on this job for > almost a month and I was assigned this project. What my boss wants is to > redirect all spam mails intended for a select list of users' 'junk > folder.' Much the same way as Yahoo and Hotmail. > Can this be done thru MailScanner? > Sorry again. I just need a quick answer before I delve into the mailing > list archives and documentations. > If you mean a local junk folder in your mail client you need to set it up with a filter, all mail clients can do that (Outlook/Thunderbird and so on). MailScanner can add X-headers and/or changes in the subject line ({Spam?} at the start) for it to trigger on. You can also sort on spam score. -- /peter -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060222/39eb6c99/attachment.html From martinh at solid-state-logic.com Wed Feb 22 09:10:51 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Wed Feb 22 09:11:01 2006 Subject: MailScanner, postfix and exchange server as a gateway In-Reply-To: <43FB63DA.5070901@rogers.com> Message-ID: <002201c6378f$e0b1fd90$3004010a@martinhlaptop> In the last few years there's very little difference is the security record. Of you compare the overall lifetime of the two products then you're comparing a Model-T Ford to a Ford Focus....sendmail is way older than postfix and you've got to be careful of 'how' you compare the two. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Mike Jakubik > Sent: 21 February 2006 19:03 > To: MailScanner discussion > Subject: Re: MailScanner, postfix and exchange server as a gateway > > Drew Marshall wrote: > > On Tue, February 21, 2006 11:37, Admin wrote: > > > >> Hi, > >> > >> Currently I am using MailScanner 4.50.15-1 with postfix as a gateway > for > >> my exchange server , its run on FC4, Is it better to change to sendmail > >> or stick with postfix?. If so how can I accept mail only for valid > >> Exchange users in sendmail. > >> > > > > Being some what biased, why would you want to change? Postfix does > > everything that Sendmail does without re-compiling (Or, IMHO, without > > needing to understand a strange language for the config file :-) ). > > > > Also, postfix has a much much better security record than sendmail. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From scs at uwb.edu.pl Wed Feb 22 08:25:43 2006 From: scs at uwb.edu.pl (=?utf-8?Q?Grzegorz_Stale=C5=84czyk?=) Date: Wed Feb 22 09:32:09 2006 Subject: test list Message-ID: <804246157.20060222092543@uwb.edu.pl> Please ignore me, it's test. -- DZIAL SYSTEMOW KOMPUTEROWYCH I SIECI TELEINFORMATYCZNYCH Uniwersytet w Bialymstoku mgr in?. Grzegorz Stalenczyk e-mail: scs@uwb.edu.pl tel. (085) 745 70 95 From MailScanner at ecs.soton.ac.uk Wed Feb 22 09:32:03 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Feb 22 09:32:13 2006 Subject: reject message for single address In-Reply-To: <014f01c63786$53199a50$0200a8c0@satellite> References: <009a01c636ec$52aae0f0$23c051cb@nocict> <001501c63711$ebee9110$0200a8c0@satellite> <43FB6FC3.4010502@ecs.soton.ac.uk> <014f01c63786$53199a50$0200a8c0@satellite> Message-ID: <9BA3656B-D222-49F5-8288-594A784E68E9@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- You use one ruleset to control the "Reject Message" setting, which is basically a yes/no response. The filename is set in another setting. If you want to change the filename so you send different reports to different people, use another ruleset on the option that sets the filename of the report. Give me a simple example of what you want to do and I'll show you what to put in and where. On 22 Feb 2006, at 08:02, Dave wrote: > Hello, > My question on rulesets is i am uncertain as to how to point to > a file? The information i want to send back is much longer than a > single line. So it would be a ruleset like: > to: support@domain.com filename > which i'm hoping would send the file. I've googled but don't see > a method for invoking a file. > Thanks. > Dave. > > ----- Original Message ----- From: "Julian Field" > > To: "MailScanner discussion" > Sent: Tuesday, February 21, 2006 2:53 PM > Subject: Re: reject message for single address > > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Please read up about rulesets, this will let you do exactly what you >> want. They are well documented in all the different sources of >> documentation. That includes the book, which I am sure you will find >> very useful. >> >> Dave wrote: >>> Hello, >>> I've got a situation where an email address for a domain >>> which was >>> previously monitored now needs to send back an autoreply message and >>> something more than a one-liner to anyone who emails it asking for >>> support. I looked in to sendmail's access controls, but think the >>> MailScanner reject message option would be better. Can i make reject >>> message work only for a single address or group of addresses and to >>> send back a message contained within a file? >>> Thanks. >>> Dave. >>> >> >> - -- Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> Professional Support Services at www.MailScanner.biz >> MailScanner thanks transtec Computers for their support >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> -----BEGIN PGP SIGNATURE----- >> Version: PGP Desktop 9.0.5 (Build 5050) >> >> iQA/AwUBQ/tvxBH2WUcUFbZUEQJg7ACg0H46Rab6FyGz0PmbDQmOLe81XqYAnRun >> g851AtgSQxNAg27xGyHHQBP0 >> =9GU0 >> -----END PGP SIGNATURE----- >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQEVAwUBQ/wvlfw32o+k+q+hAQEzJwf/cJeLMeD1iS/Z7wq6UBbaFZCwmKpsj8yO x+0R1fC275J7PCmKlf9pnkXwQkg/im+L8X9gZ9X0lLBDp8c3zKKNSTopn+myRIQ/ l0Ly4XZmWALGjny0e4+LxHQVytsEHKa0GbefRN3k+5RHB/mvaY8MI/nf07yiMHNp 0sa3/srkZt17ZLMom0WsU2swIEHzlHjZtsslseKhKJ+5b/qb7/ea/vKYNPHgXLl6 E5FdLn6OR2/R1ExQoQau0z7XAlDrcgSKOrG2hcqLpDmWOQLy3S4tjdCCM7BbpxOb dnkSkH9+FqiwHMH6VqaLIK20skIVye/S/xHSxAY9BhJgaQKLjpf/iQ== =oN6O -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed Feb 22 09:33:15 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Feb 22 09:33:24 2006 Subject: Skipping spamchecks for smtpauth mails In-Reply-To: <1140596415.24252.21.camel@darkstar.netcore.co.in> References: <1140596415.24252.21.camel@darkstar.netcore.co.in> Message-ID: <76D19533-D532-452B-9BB3-2AE55AEC0C9B@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- On 22 Feb 2006, at 08:20, Ramprasad wrote: > Hi, > I am using Mailscanner + postfix on our server which is used for > smtp by > some internal users too. These users use smtp authentication and send > mails to any domain. > > How do I skip spamchecks for mails sent after smtp authentication - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQEVAwUBQ/wv3fw32o+k+q+hAQGUUwf+Ja8KkelZ8qxguZ5SIvycuj6fcFwHgP6I J9D9sS35syPnlfHzVrrzdHYoFUPHaCsP6d8AprJryjTMtz3BszIzuuZxNr7TTz3b 2q4Tp2p8yoG8QCEXlappOFjkAhy5U51P5GBHsRF+VNLs6wgACBQPsqCiGVU87Iqg Xm8teHgJUAaKkGxr7HW4is9J16kACTPLS8KgPSWf4VqZkT/cbFD2gkVw7UmFYlxB ERYLD2I4jLiCUxYAjAqTtEOIhhuCUz05/y5ZZFDQJYsS/+mu++oyDLQ49wEgtDph 0uhkvE6RnCeFZ50xAe8DrHu0PI9TVd35Qwb1XJufXdP9gFW4VmRU4Q== =se8y -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From hansg at dandy.nl Wed Feb 22 09:49:56 2006 From: hansg at dandy.nl (Hans de Groot) Date: Wed Feb 22 09:50:15 2006 Subject: I only want one child process but it seems to ignore the max children setting. Message-ID: <20060222104213.31A0.HANSG@dandy.nl> Hello all, I would like mailscanner to only use one child process. It should check the queue every 60 seconds and process any mail that is there. But only using one process since I am low on system resources I set the option max children=1 But it seems to ignore this setting. I often see 2 or 3 children running. Am I doing something wrong? I am using Version 4.48.4-2. Regards, Hans de Groot email: hansg@dandy.nl www: http://www.dandy.nl -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From shuttlebox at gmail.com Wed Feb 22 09:58:01 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Wed Feb 22 09:58:07 2006 Subject: I only want one child process but it seems to ignore the max children setting. In-Reply-To: <20060222104213.31A0.HANSG@dandy.nl> References: <20060222104213.31A0.HANSG@dandy.nl> Message-ID: <625385e30602220158p46c74c6ax660f50dd1fcba920@mail.gmail.com> On 2/22/06, Hans de Groot wrote: > > Hello all, > > I would like mailscanner to only use one child process. > > It should check the queue every 60 seconds and process any mail that is > there. But only using one process since I am low on system resources > > I set the option max children=1 > > But it seems to ignore this setting. I often see 2 or 3 children running. > > Am I doing something wrong? > > I am using Version 4.48.4-2. > Are you sure that's children and not "helpers" like the wrapper scripts for Clam and so on? I use 5 children and therefor normally have six processes related to MS running: root 7294 3787 1 07:08:21 ? 1:30 /usr/bin/perl -I/opt/MailScanner/lib /opt/MailScanner/bin/MailScanner /opt/Mail root 6621 3787 1 07:03:10 ? 1:33 /usr/bin/perl -I/opt/MailScanner/lib /opt/MailScanner/bin/MailScanner /opt/Mail root 6725 3787 1 07:03:53 ? 1:33 /usr/bin/perl -I/opt/MailScanner/lib /opt/MailScanner/bin/MailScanner /opt/Mail root 3787 1 0 Feb 10 ? 0:01 /usr/bin/perl -I/opt/MailScanner/lib /opt/MailScanner/bin/MailScanner /opt/Mail root 7656 3787 1 07:11:01 ? 1:36 /usr/bin/perl -I/opt/MailScanner/lib /opt/MailScanner/bin/MailScanner /opt/Mail root 7720 3787 1 07:11:12 ? 1:30 /usr/bin/perl -I/opt/MailScanner/lib /opt/MailScanner/bin/MailScanner /opt/Mail But whenever something is happening more processes start as needed: root 7294 3787 1 07:08:21 ? 1:30 /usr/bin/perl -I/opt/MailScanner/lib /opt/MailScanner/bin/MailScanner /opt/Mail root 6621 3787 1 07:03:10 ? 1:33 /usr/bin/perl -I/opt/MailScanner/lib /opt/MailScanner/bin/MailScanner /opt/Mail root 6725 3787 1 07:03:53 ? 1:33 /usr/bin/perl -I/opt/MailScanner/lib /opt/MailScanner/bin/MailScanner /opt/Mail root 3787 1 0 Feb 10 ? 0:01 /usr/bin/perl -I/opt/MailScanner/lib /opt/MailScanner/bin/MailScanner /opt/Mail root 21922 6725 0 10:54:31 ? 0:00 /bin/sh /opt/MailScanner/lib/clamav-wrapper /usr/local -r --disable-summary --s root 21921 7656 3 10:54:30 ? 0:01 /usr/bin/perl -I/opt/MailScanner/lib /opt/MailScanner/bin/MailScanner /opt/Mail root 7656 3787 1 07:11:01 ? 1:35 /usr/bin/perl -I/opt/MailScanner/lib /opt/MailScanner/bin/MailScanner /opt/Mail root 7720 3787 1 07:11:12 ? 1:30 /usr/bin/perl -I/opt/MailScanner/lib /opt/MailScanner/bin/MailScanner /opt/Mail -- /peter -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060222/bd7b89ea/attachment.html From MailScanner at ecs.soton.ac.uk Wed Feb 22 10:05:10 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Feb 22 10:05:25 2006 Subject: I only want one child process but it seems to ignore the max children setting. In-Reply-To: <20060222104213.31A0.HANSG@dandy.nl> References: <20060222104213.31A0.HANSG@dandy.nl> Message-ID: <2501CCD6-8D5D-4AF7-B3C4-16D3A57EC543@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- On 22 Feb 2006, at 09:49, Hans de Groot wrote: > Hello all, > > I would like mailscanner to only use one child process. > > It should check the queue every 60 seconds and process any mail > that is > there. But only using one process since I am low on system resources > > I set the option max children=1 > > But it seems to ignore this setting. I often see 2 or 3 children > running. No, everything is fine. The 1 child you have generates temporary processes for things like virus scanning. You will find that these extra processes come and go quite a lot. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQEVAwUBQ/w3Wfw32o+k+q+hAQFCJQgAk/kwNzgcgZH8PuaSTl4Bf5oh8Zr2z/Ru 5nuMZtqWJXK6DOdsSior8F3tXP0mt2qe+EEAyNfDzcVTpEl+K3u54gcc2n5ZUh7o EaicdULff4ulgopClPTBEMaL6cUvRVpId1kXuiFgBq1RMJdffE8RBtB8JzO5rTef GOWAhihwpub+vRPGeCreyCB0RMspKDRD6Nz/5DkONKjhNcFa+6X5lV3Hcx13jOtf KVxSc8lYYcpWj0Rv2ztazR8ToQmJX4lyo8Ysa64bBwhKGhmh/ymNYNyQNSH7EZ4Z yP4t9tFKEpWYOtjiRwMOoZK62wCeQ6eDgs044v9JibQ5qWUTDcn05g== =4arQ -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From hansg at dandy.nl Wed Feb 22 10:38:11 2006 From: hansg at dandy.nl (Hans de Groot) Date: Wed Feb 22 10:39:52 2006 Subject: I only want one child process but it seems to ignore the max children setting. In-Reply-To: <625385e30602220158p46c74c6ax660f50dd1fcba920@mail.gmail.com> References: <20060222104213.31A0.HANSG@dandy.nl> <625385e30602220158p46c74c6ax660f50dd1fcba920@mail.gmail.com> Message-ID: <20060222112922.31E3.HANSG@dandy.nl> Hi, No I am not sure :-) It's what mailwatch reports. It looks like 3 Mailscanners are running permanently (every time I use ps auxw I see them) root 618 0.0 0.3 44448 2432 ? SN Feb20 0:40 /usr/bin/php -q /usr/local/bin/sendmail_relay.php root 31795 0.0 0.0 15628 452 ? S Feb21 0:00 /usr/bin/perl -I/opt/MailScanner/lib /opt/MailScanner/bin/MailScanner root 27749 0.3 5.0 44800 38776 ? S 09:49 0:22 /usr/bin/perl -I/opt/MailScanner/lib /opt/MailScanner/bin/MailScanner root 28100 0.3 4.9 44524 38268 ? S 09:56 0:21 /usr/bin/perl -I/opt/MailScanner/lib /opt/MailScanner/bin/MailScanner root 28102 0.3 5.0 44688 38688 ? S 09:56 0:21 MailWatch SQL This one apears some times and everry time it's a new PID. Might this be the child? root 1435 55.5 5.1 46052 39912 ? D 11:31 0:02 /usr/bin/perl -I/opt/MailScanner/lib /opt/MailScanner/bin/MailScanner On Wed, 22 Feb 2006 10:58:01 +0100 shuttlebox wrote: > On 2/22/06, Hans de Groot wrote: Hello all, > > I would like mailscanner to only use one child process. > > It should check the queue every 60 seconds and process any mail that is > there. But only using one process since I am low on system resources > > I set the option max children=1 > > But it seems to ignore this setting. I often see 2 or 3 children running. > > Am I doing something wrong? > > I am using Version 4.48.4-2. > > > Are you sure that's children and not "helpers" like the wrapper scripts for Clam and so on? > > I use 5 children and therefor normally have six processes related to MS running: > > root 7294 3787 1 07:08:21 ? 1:30 /usr/bin/perl -I/opt/MailScanner/lib /opt/MailScanner/bin/MailScanner /opt/Mail > root 6621 3787 1 07:03:10 ? 1:33 /usr/bin/perl -I/opt/MailScanner/lib /opt/MailScanner/bin/MailScanner /opt/Mail > root 6725 3787 1 07:03:53 ? 1:33 /usr/bin/perl -I/opt/MailScanner/lib /opt/MailScanner/bin/MailScanner /opt/Mail > root 3787 1 0 Feb 10 ? 0:01 /usr/bin/perl -I/opt/MailScanner/lib /opt/MailScanner/bin/MailScanner /opt/Mail > root 7656 3787 1 07:11:01 ? 1:36 /usr/bin/perl -I/opt/MailScanner/lib /opt/MailScanner/bin/MailScanner /opt/Mail > root 7720 3787 1 07:11:12 ? 1:30 /usr/bin/perl -I/opt/MailScanner/lib /opt/MailScanner/bin/MailScanner /opt/Mail > > But whenever something is happening more processes start as needed: > > root 7294 3787 1 07:08:21 ? 1:30 /usr/bin/perl -I/opt/MailScanner/lib /opt/MailScanner/bin/MailScanner /opt/Mail > root 6621 3787 1 07:03:10 ? 1:33 /usr/bin/perl -I/opt/MailScanner/lib /opt/MailScanner/bin/MailScanner /opt/Mail > root 6725 3787 1 07:03:53 ? 1:33 /usr/bin/perl -I/opt/MailScanner/lib /opt/MailScanner/bin/MailScanner /opt/Mail > root 3787 1 0 Feb 10 ? 0:01 /usr/bin/perl -I/opt/MailScanner/lib /opt/MailScanner/bin/MailScanner /opt/Mail > root 21922 6725 0 10:54:31 ? 0:00 /bin/sh /opt/MailScanner/lib/clamav-wrapper /usr/local -r --disable-summary --s > root 21921 7656 3 10:54:30 ? 0:01 /usr/bin/perl -I/opt/MailScanner/lib /opt/MailScanner/bin/MailScanner /opt/Mail > root 7656 3787 1 07:11:01 ? 1:35 /usr/bin/perl -I/opt/MailScanner/lib /opt/MailScanner/bin/MailScanner /opt/Mail > root 7720 3787 1 07:11:12 ? 1:30 /usr/bin/perl -I/opt/MailScanner/lib /opt/MailScanner/bin/MailScanner /opt/Mail > > -- > /peter > -- > This message has been scanned for viruses and > dangerous content byMailScanner, and is > believed to be clean. --- Hans de Groot Email: hansg@dandy.nl www: http://www.dandy.nl -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From hansg at dandy.nl Wed Feb 22 10:39:39 2006 From: hansg at dandy.nl (Hans de Groot) Date: Wed Feb 22 10:40:13 2006 Subject: I only want one child process but it seems to ignore the max children setting. In-Reply-To: <2501CCD6-8D5D-4AF7-B3C4-16D3A57EC543@ecs.soton.ac.uk> References: <20060222104213.31A0.HANSG@dandy.nl> <2501CCD6-8D5D-4AF7-B3C4-16D3A57EC543@ecs.soton.ac.uk> Message-ID: <20060222113816.31E6.HANSG@dandy.nl> Hi, Thanks for your answer. I gues it is allright then. It is just that mailwatch reports 2 or 3 childs active in it status table. Regards, Hans de Groot On Wed, 22 Feb 2006 10:05:10 +0000 Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > > On 22 Feb 2006, at 09:49, Hans de Groot wrote: > > > Hello all, > > > > I would like mailscanner to only use one child process. > > > > It should check the queue every 60 seconds and process any mail > > that is > > there. But only using one process since I am low on system resources > > > > I set the option max children=1 > > > > But it seems to ignore this setting. I often see 2 or 3 children > > running. > > No, everything is fine. The 1 child you have generates temporary > processes for things like virus scanning. You will find that these > extra processes come and go quite a lot. > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.5 (Build 5050) > > iQEVAwUBQ/w3Wfw32o+k+q+hAQFCJQgAk/kwNzgcgZH8PuaSTl4Bf5oh8Zr2z/Ru > 5nuMZtqWJXK6DOdsSior8F3tXP0mt2qe+EEAyNfDzcVTpEl+K3u54gcc2n5ZUh7o > EaicdULff4ulgopClPTBEMaL6cUvRVpId1kXuiFgBq1RMJdffE8RBtB8JzO5rTef > GOWAhihwpub+vRPGeCreyCB0RMspKDRD6Nz/5DkONKjhNcFa+6X5lV3Hcx13jOtf > KVxSc8lYYcpWj0Rv2ztazR8ToQmJX4lyo8Ysa64bBwhKGhmh/ymNYNyQNSH7EZ4Z > yP4t9tFKEpWYOtjiRwMOoZK62wCeQ6eDgs044v9JibQ5qWUTDcn05g== > =4arQ > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. --- Hans de Groot Email: hansg@dandy.nl www: http://www.dandy.nl -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ram at netcore.co.in Wed Feb 22 10:40:31 2006 From: ram at netcore.co.in (Ramprasad) Date: Wed Feb 22 10:40:33 2006 Subject: Skipping spamchecks for smtpauth mails In-Reply-To: <76D19533-D532-452B-9BB3-2AE55AEC0C9B@ecs.soton.ac.uk> References: <1140596415.24252.21.camel@darkstar.netcore.co.in> <76D19533-D532-452B-9BB3-2AE55AEC0C9B@ecs.soton.ac.uk> Message-ID: <1140604831.24252.24.camel@darkstar.netcore.co.in> On Wed, 2006-02-22 at 09:33 +0000, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > > On 22 Feb 2006, at 08:20, Ramprasad wrote: > > > Hi, > > I am using Mailscanner + postfix on our server which is used for > > smtp by > > some internal users too. These users use smtp authentication and send > > mails to any domain. > > > > How do I skip spamchecks for mails sent after smtp authentication > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 I am sorry , I didnt get it ? Thanks Ram From pete at enitech.com.au Wed Feb 22 11:05:07 2006 From: pete at enitech.com.au (Pete Russell) Date: Wed Feb 22 11:05:28 2006 Subject: MailScanner, postfix and exchange server as a gateway - try these In-Reply-To: <1140528262.8711.125.camel@localhost.localdomain> References: <43FAFB76.8090708@nmc.abacus.com.my> <000801c636dd$276f0f60$3004010a@martinhlaptop> <1140528262.8711.125.camel@localhost.localdomain> Message-ID: <43FC4563.4090909@enitech.com.au> The postfix method of recipient list is superior to milterahead in that it doesnt rely on Exchange being up to function correctly, therefore it reduces the functionality of your gateway. IMO Please find attched the script we plodded from some one else, fixed it up and used oursewlves. 1. It queries AD for ALL of the possible SMTP address for every user in the specified domain. 2. Check that you havent tried to create an empty file (nothing worse than a 0byte recipiuent map) 3. Writes the recipient map and runs postmap. 4. emails you any error messages so you know what the script is failing. Simply add the lines to main.cf (we use multiple maps) relay_recipient_maps = hash:/etc/postfix/1-relay_recipients, hash:/etc/postfix/2-relay_recipients, I have the scripts attached to queries Lotus Domino (we use R5) and MS AD (we use 2003) You can see in the script its a sinmple matter to create ANY variation, or use regexp to write your maps to cover all the possible valid username variations for your company. Obviously since we made these i have been looking at using regexp, which would make easy work of combining heaps of this script into something much smaller/smarter. Hope it helps someone Steve Freegard wrote: > On Tue, 2006-02-21 at 11:51 +0000, Martin Hepworth wrote: > >>For my view, better the devil you know...both are valid, as is exim or >>qmail. > > > Indeed - for Exim users - this: > http://www.exim.org/mail-archives/exim-users/Week-of-Mon-20040816/msg00126.html might be a good alternative. > > >>For sendmail you'll need to configure milter-ahead, see this.. >>http://www.fsl.com/support/Milter-Ahead-Exchange-Settings.pdf > > > Note that milter-ahead will only work correctly with Exchange 2003 as > it's the only version of Exchange that can be configured to actually > *reject* invalid users. > > Otherwise you have to fall back on the Postfix-style method and create a > valid user list. > > Cheers, > Steve. > -------------- next part -------------- #!/usr/bin/perl -w # LOTUS DOMINO LDAP DIRECTORY - USERNAMES # This script will pull all users' SMTP addresses from your Lotus Domino Directory # and list them in the # format "user@example.com OK" which Postfix uses with # relay_recipient_maps. # Be sure to double-check the path to perl above. # This requires Net::LDAP to be installed. To install Net::LDAP, at a shell # type "perl -MCPAN -e shell" and then "install Net::LDAP" use Net::LDAP; use Mail::Mailer; use Fcntl qw(:DEFAULT :flock); # Enter the path to your Postfix relay_recipient_maps file $RelayRecipientMaps = '/etc/postfix/1-relay_recipients'; $RecipientMaps = '1-relay_recipients'; # Script Number $sno="Script 1"; # enter the path to the postmap command (or you MTAs equivelent) $PostmapPath = "/usr/sbin/postmap"; # Enter the path to your log $HistoryLog = '/etc/postfix/.1-ldap_count'; # Enter the tmp file path $RandomValue = rand(9999) * rand(9999); $TmpFile = '/etc/postfix/.1-ldap_tmp' . "$$" . ".$RandomValue"; if (-e $TmpFile) { # Something fishy is going on. Try another file name. $RandomValue = rand(9999999) * rand(9999999); $TmpFile = '/usr/local/etc/postfix/.1-ldap_tmp' . "$$" . ".$RandomValue"; if (-e $TmpFile) { &ErrorLog("$sno - Temp file creation failed", "The tmp file $TmpFile already exists after two attempts at different file names. Update aborted."); } } # Enter the maximum variances permitted before the script will fai $UCD="50"; # Enter the FQDN of your Lotus Domino Directory below $dc1="notes.domain.com"; $dc2="10.1.10.4"; # Enter the LDAP container for your userbase. # The syntax is CN=Users,dc=example,dc=com # This can be found by installing the Windows 2000 Support Tools # then running ADSI Edit. # I use Softerra LDAP Browser to nav the LDAP tree and work out base, # username etc. # LDAP://domaincontroller1.example.com/CN=Users,DC=example,DC=com # which would be $hqbase="cn=Users,dc=example,dc=com" $hqbase="o=Domain"; # Enter the username & password for a valid user in your Domino Directory # with username in the form cn=username # Make sure the user's password does not expire. Note that this user # does not require any special privileges. # You can double-check this by typing the Internet Password # in the users person doc. # LDAP://domaincontroller1.example.com/CN=user,CN=Users,DC=example,DC=com # which would be $user="cn=user,cn=Users,dc=example,dc=com" $user="cn=Administrator"; $passwd="password"; # Enter the domain you want to append to your groupnames. # we implemented this so we could write maps that included new subdomains etc # that didnt appear in person doc info. (Global Domain docs) $domain1="domain1.com.au"; $domain2="sub.domain1.com.au"; $domain3="domain1.edu.au"; # Postmaster email address - send all error messages here. $postmaster='prussell@domain1.com.au'; # That's it, you're done. (Unless you want to play with the LDAP filters below). # TAB/SPACE you want to use to seperate the # email address and the permission eg prussell@domain1.com TAB/SPACE OK $sep="\t"; # Type of permission, eg REJECT or OK $perm="OK"; # Connecting to Lotus Domino Directory $noldapserver=0; $ldap = Net::LDAP->new($dc1) or $noldapserver=1; if ($noldapserver == 1) { $ldap = Net::LDAP->new($dc2) or &ErrorLog("$sno - No LDAP Server", "Cannot Access the LDAP server $dc2"); } $mesg = $ldap->bind ( dn => $user, password =>$passwd); if ( $mesg->code()) { &ErrorLog("Bad Password", "The password was invalid. Updated aborted."); } $searchbase = $hqbase; # Searching for users that are mail-enabled $mesg = $ldap->search (base => $searchbase, filter => "(|(givenname=*)(sn=*)(shortname=*))", attrs => "mail"); $entries = $mesg->count; if ($entries lt 1) { # die ($errormail); &ErrorLog("$sno - No LDAP queries matched your search", "No data was returned. Updated aborted"); #die ("error:", Connection to LDAP successfull. But nothing matched your search criteria"\n"); } my $UserCount = 0; open(OUT,">$TmpFile"); flock(OUT, LOCK_EX); # Filtering results for name variations. foreach my $entry ( $mesg->entries ) { $UserCount++; # SHORT NAME VARIATIONS - This will collect ALL shortnames for all users. # prussell@, pruss@, pete@, russell@ foreach my $tmp ( $entry->get_value( "shortname" ) ) { print OUT $tmp."\@$domain1$sep$perm\n"; print OUT $tmp."\@$domain2$sep$perm\n"; print OUT $tmp."\@$domain3$sep$perm\n"; # First initial.lastname $tmp # p.russell@ ($firstchar,$therest) = split(//,$tmp,2); $userwithdot = "$firstchar.$therest"; print OUT $userwithdot."\@$domain1$sep$perm\n"; print OUT $userwithdot."\@$domain2$sep$perm\n"; } # FULL NAME # pete.russell@ $sn = $entry->get_value( "sn" ); $fn = $entry->get_value( "givenname" ); print OUT "$fn.$sn\@$domain1$sep$perm\n"; print OUT "$fn.$sn\@$domain2$sep$perm\n"; } #close(OUT); flock(OUT, LOCK_UN); close(OUT); # Unbinding $ldap->unbind; if (!(-e $HistoryLog)) { # first time run, or someone erased our count file # system("/usr/bin/touch","$HistoryLog"); system("/bin/echo 0 > $HistoryLog"); } open(COUNT,"$HistoryLog") or &ErrorLog("$sno - History Log", "Unable to open $HistoryLog for reading: $!"); $CountLine = ; chomp($CountLine); if ($CountLine =~ /^(?:\d+)$/) { if ($CountLine - $UserCount > $UCD) { &ErrorLog("$sno - Results are down by $UCD", "Possible export corruption"); } } else { &ErrorLog("$sno - Count file is corrupt", "LastCount file is corrupt"); } close(COUNT); open(COUNT,">$HistoryLog") or &ErrorLog("History Log", "Unable to open $HistoryLog for writing: $!"); seek(COUNT, 0, 0); print COUNT "$UserCount\n"; close(COUNT); if (-e "$RelayRecipientMaps") { if (-e "$RelayRecipientMaps.backup") { unlink("$RelayRecipientMaps.backup"); } } system("/bin/cat $TmpFile > /usr/local/postfix/$RecipientMaps"); system("/bin/mv","$TmpFile","$RelayRecipientMaps"); system("$PostmapPath","$RelayRecipientMaps"); exit; sub ErrorLog { $Subject = "$_[0]"; $Message = "$_[1]"; my $mail = Mail::Mailer->new("sendmail"); $mail->open({ "From" => "$sno ", "To" => "$postmaster", "Subject" => "$Subject"}); print $mail "$Message\n"; $mail->close(); exit; } -------------- next part -------------- #!/usr/bin/perl -w # This script will pull all users' SMTP addresses from your Active Directory # (including primary and secondary email addresses) and list them in the # format "user@example.com OK" which Postfix uses with relay_recipient_maps. # Be sure to double-check the path to perl above. # This requires Net::LDAP to be installed. To install Net::LDAP, at a shell # type "perl -MCPAN -e shell" and then "install Net::LDAP" use Net::LDAP; use Net::LDAP::Control::Paged; use Net::LDAP::Constant ( "LDAP_CONTROL_PAGED" ); # Enter the path/file for the output $VALID = "/root/5-relay_recipients"; open VALID, ">$VALID" or die "CANNOT OPEN $VALID $!"; $RecipientMaps = '5-relay_recipients'; # Enter the FQDN of your Active Directory domain controllers below $dc1="10.1.10.8"; $dc2="10.2.2.32"; # Enter the LDAP container for your userbase. # The syntax is CN=Users,dc=mbs,dc=edu # This can be found by installing the Windows 2000 Support Tools # then running ADSI Edit. # In ADSI Edit, expand the "Domain NC [domaincontroller1.example.com]" & # you will see, for example, DC=example,DC=com (this is your base). # The Users Container will be specified in the right pane as # CN=Users depending on your schema (this is your container). # You can double-check this by clicking "Properties" of your user # folder in ADSI Edit and examining the "Path" value, such as: # LDAP://domaincontroller1.example.com/CN=Users,DC=example,DC=com # which would be $hqbase="cn=Users,dc=example,dc=com" # Note: You can also use just $hqbase="dc=example,dc=com" $hqbase="dc=domain,dc=local"; # Enter the username & password for a valid user in your Active Directory # with username in the form cn=username,cn=Users,dc=example,dc=com # Make sure the user's password does not expire. Note that this user # does not require any special privileges. # You can double-check this by clicking "Properties" of your user in # ADSI Edit and examining the "Path" value, such as: # LDAP://domaincontroller1.example.com/CN=user,CN=Users,DC=example,DC=com # which would be $user="cn=user,cn=Users,dc=example,dc=com" # Note: You can also use the UPN login: "user\@example.com" $user="CN=grice,OU=Public Accounts,OU=Enterprise,DC=domain,DC=local"; $passwd="password"; # Connecting to Active Directory domain controllers $noldapserver=0; $ldap = Net::LDAP->new($dc1) or $noldapserver=1; if ($noldapserver == 1) { $ldap = Net::LDAP->new($dc2) or die "Error connecting to specified domain controllers $@ \n"; } $mesg = $ldap->bind ( dn => $user, password =>$passwd); if ( $mesg->code()) { die ("error:", $mesg->code(),"\n"); } # How many LDAP query results to grab for each paged round # Set to under 1000 for Active Directory $page = Net::LDAP::Control::Paged->new( size => 990 ); @args = ( base => $hqbase, # Play around with this to grab objects such as Contacts, Public Folders, etc. # A minimal filter for just users with email would be: # filter => "(&(sAMAccountName=*)(mail=*))" filter => "(& (mailnickname=*) (| (&(objectCategory=person) (objectClass=user)(!(homeMDB=*))(!(msExchHomeServerName=*))) (&(objectCategory=person)(objectClass=user)(|(homeMDB=*) (msExchHomeServerName=*)))(&(objectCategory=person)(objectClass=contact)) (objectCategory=group)(objectCategory=publicFolder) ))", control => [ $page ], attrs => "proxyAddresses", ); my $cookie; while(1) { # Perform search my $mesg = $ldap->search( @args ); # Filtering results for proxyAddresses attributes foreach my $entry ( $mesg->entries ) { my $name = $entry->get_value( "cn" ); # LDAP Attributes are multi-valued, so we have to print each one. foreach my $mail ( $entry->get_value( "proxyAddresses" ) ) { # Test if the Line starts with one of the following lines: # proxyAddresses: [smtp|SMTP]: # and also discard this starting string, so that $mail is only the # address without any other characters... if ( $mail =~ s/^(smtp|SMTP)://gs ) { print VALID $mail." \t OK\n"; } } } # Only continue on LDAP_SUCCESS $mesg->code and last; # Get cookie from paged control my($resp) = $mesg->control( LDAP_CONTROL_PAGED ) or last; $cookie = $resp->cookie or last; # Set cookie in paged control $page->cookie($cookie); } if ($cookie) { # We had an abnormal exit, so let the server know we do not want any more $page->cookie($cookie); $page->size(0); $ldap->search( @args ); # Also would be a good idea to die unhappily and inform OP at this point die("LDAP query unsuccessful"); } # Add additional restrictions, users, etc. to the output file below. #print VALID "user\@domain1.com OK\n"; #print VALID "user\@domain2.com 550 User unknown.\n"; #print VALID "domain3.com 550 User does not exist.\n"; close VALID; system("/bin/cat $VALID > /usr/postfix/$RecipientMaps"); system("/usr/sbin/postmap","$VALID"); From shuttlebox at gmail.com Wed Feb 22 12:35:45 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Wed Feb 22 12:35:49 2006 Subject: I only want one child process but it seems to ignore the max children setting. In-Reply-To: <20060222112922.31E3.HANSG@dandy.nl> References: <20060222104213.31A0.HANSG@dandy.nl> <625385e30602220158p46c74c6ax660f50dd1fcba920@mail.gmail.com> <20060222112922.31E3.HANSG@dandy.nl> Message-ID: <625385e30602220435x65303478uc6311fc25a48f1a9@mail.gmail.com> On 2/22/06, Hans de Groot wrote: > > This one apears some times and everry time it's a new PID. Might this be > the child? > root 1435 55.5 5.1 46052 39912 ? D 11:31 0:02 > /usr/bin/perl -I/opt/MailScanner/lib /opt/MailScanner/bin/MailScanner No, it's probably spawned by your child process to do virus scanning. If you look at my example below: On Wed, 22 Feb 2006 10:58:01 +0100 > shuttlebox wrote: > > root 7294 3787 1 07:08:21 ? 1:30 /usr/bin/perl > -I/opt/MailScanner/lib /opt/MailScanner/bin/MailScanner /opt/Mail > > root 6621 3787 1 07:03:10 ? 1:33 /usr/bin/perl > -I/opt/MailScanner/lib /opt/MailScanner/bin/MailScanner /opt/Mail > > root 6725 3787 1 07:03:53 ? 1:33 /usr/bin/perl > -I/opt/MailScanner/lib /opt/MailScanner/bin/MailScanner /opt/Mail > > root 3787 1 0 Feb 10 ? 0:01 /usr/bin/perl > -I/opt/MailScanner/lib /opt/MailScanner/bin/MailScanner /opt/Mail > > root 21922 6725 0 10:54:31 ? 0:00 /bin/sh > /opt/MailScanner/lib/clamav-wrapper /usr/local -r --disable-summary --s > > root 21921 7656 3 10:54:30 ? 0:01 /usr/bin/perl > -I/opt/MailScanner/lib /opt/MailScanner/bin/MailScanner /opt/Mail > > root 7656 3787 1 07:11:01 ? 1:35 /usr/bin/perl > -I/opt/MailScanner/lib /opt/MailScanner/bin/MailScanner /opt/Mail > > root 7720 3787 1 07:11:12 ? 1:30 /usr/bin/perl > -I/opt/MailScanner/lib /opt/MailScanner/bin/MailScanner /opt/Mail > You see that 3787 is the parent, it stays until you stop MS. Process 7294, 6621, 6725, 7656 and 7720 are the children, they stay for four hours. Process 21921 is spawned by child 7656 to some work and so is 21922 (spawned by 6725), in this case virus scanning. The last two are temporary. A busy server might seem to have more children than configured but that's just because the children spawn new processes to do work. I hope that makes it more clear. :-) -- /peter -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060222/8bd5dc15/attachment.html From alex at nkpanama.com Wed Feb 22 13:07:54 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Wed Feb 22 13:08:04 2006 Subject: redirecting In-Reply-To: <625385e30602220107u5c6d5a9aj91c846de9a84e86c@mail.gmail.com> References: <2734.203.88.231.77.1140574299.squirrel@203.88.231.77> <625385e30602220107u5c6d5a9aj91c846de9a84e86c@mail.gmail.com> Message-ID: <43FC622A.9020500@nkpanama.com> You may also be able to do this with MailScanner + a procmail script (someone please correct/enlighten me about something like this). Now that I think of it, could someone post a procmail recipe (or help with googling one from somewhere) that would automagically put everything that MailScanner marks as SPAM into a Junk folder? shuttlebox wrote: > On 2/22/06, *ecj@telpacific.com.au * > > wrote: > > Hello all. It's my first post. > I haven't read all the docs on MailScanner yet because I want to > make sure > that what I am planning to do is possible. I've just been on this > job for > almost a month and I was assigned this project. What my boss wants > is to > redirect all spam mails intended for a select list of users' 'junk > folder.' Much the same way as Yahoo and Hotmail. > Can this be done thru MailScanner? > Sorry again. I just need a quick answer before I delve into the > mailing > list archives and documentations. > > > If you mean a local junk folder in your mail client you need to set it > up with a filter, all mail clients can do that (Outlook/Thunderbird > and so on). MailScanner can add X-headers and/or changes in the > subject line ({Spam?} at the start) for it to trigger on. You can also > sort on spam score. > > -- > /peter -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060222/ccc25fb4/attachment.html From alex at nkpanama.com Wed Feb 22 13:12:14 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Wed Feb 22 13:12:23 2006 Subject: I only want one child process but it seems to ignore the max children setting. In-Reply-To: <20060222113816.31E6.HANSG@dandy.nl> References: <20060222104213.31A0.HANSG@dandy.nl> <2501CCD6-8D5D-4AF7-B3C4-16D3A57EC543@ecs.soton.ac.uk> <20060222113816.31E6.HANSG@dandy.nl> Message-ID: <43FC632E.5020009@nkpanama.com> I've set MailScanner to "1 child process only" when I've encountered two different scenarios: 1. Low system resources (128MB RAM, 5400rpm drives, 500Mhz CPU's) 2. Locking problems somewhere in the mix (either dovecot, or sendmail, or procmail, or something). Keeping only one process writing to the mailboxes seems to make it less likely. Hans de Groot wrote: > Hi, > > Thanks for your answer. > > I gues it is allright then. It is just that mailwatch reports 2 or 3 > childs active in it status table. > > Regards, > > Hans de Groot > > > On Wed, 22 Feb 2006 10:05:10 +0000 > Julian Field wrote: > > >> -----BEGIN PGP SIGNED MESSAGE----- >> >> >> On 22 Feb 2006, at 09:49, Hans de Groot wrote: >> >> >>> Hello all, >>> >>> I would like mailscanner to only use one child process. >>> >>> It should check the queue every 60 seconds and process any mail >>> that is >>> there. But only using one process since I am low on system resources >>> >>> I set the option max children=1 >>> >>> But it seems to ignore this setting. I often see 2 or 3 children >>> running. >>> >> No, everything is fine. The 1 child you have generates temporary >> processes for things like virus scanning. You will find that these >> extra processes come and go quite a lot. >> >> - -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> -----BEGIN PGP SIGNATURE----- >> Version: PGP Desktop 9.0.5 (Build 5050) >> >> iQEVAwUBQ/w3Wfw32o+k+q+hAQFCJQgAk/kwNzgcgZH8PuaSTl4Bf5oh8Zr2z/Ru >> 5nuMZtqWJXK6DOdsSior8F3tXP0mt2qe+EEAyNfDzcVTpEl+K3u54gcc2n5ZUh7o >> EaicdULff4ulgopClPTBEMaL6cUvRVpId1kXuiFgBq1RMJdffE8RBtB8JzO5rTef >> GOWAhihwpub+vRPGeCreyCB0RMspKDRD6Nz/5DkONKjhNcFa+6X5lV3Hcx13jOtf >> KVxSc8lYYcpWj0Rv2ztazR8ToQmJX4lyo8Ysa64bBwhKGhmh/ymNYNyQNSH7EZ4Z >> yP4t9tFKEpWYOtjiRwMOoZK62wCeQ6eDgs044v9JibQ5qWUTDcn05g== >> =4arQ >> -----END PGP SIGNATURE----- >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> > > --- > Hans de Groot > Email: hansg@dandy.nl www: http://www.dandy.nl > > > > -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060222/023716dd/attachment.html From glenn.steen at gmail.com Wed Feb 22 13:24:44 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Feb 22 13:24:48 2006 Subject: I only want one child process but it seems to ignore the max children setting. In-Reply-To: <20060222113816.31E6.HANSG@dandy.nl> References: <20060222104213.31A0.HANSG@dandy.nl> <2501CCD6-8D5D-4AF7-B3C4-16D3A57EC543@ecs.soton.ac.uk> <20060222113816.31E6.HANSG@dandy.nl> Message-ID: <223f97700602220524j4907e18fw@mail.gmail.com> On 22/02/06, Hans de Groot wrote: > Hi, > > Thanks for your answer. > > I gues it is allright then. It is just that mailwatch reports 2 or 3 > childs active in it status table. > > Regards, > > Hans de Groot > So? MailWatch counts the helpers too, and not *that* often either... All is likely OK, jost relax:-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From joost at waversveld.nl Wed Feb 22 13:35:17 2006 From: joost at waversveld.nl (Joost Waversveld) Date: Wed Feb 22 13:33:06 2006 Subject: I only want one child process but it seems to ignore the max children setting. In-Reply-To: <43FC632E.5020009@nkpanama.com> References: <20060222104213.31A0.HANSG@dandy.nl> <2501CCD6-8D5D-4AF7-B3C4-16D3A57EC543@ecs.soton.ac.uk> <20060222113816.31E6.HANSG@dandy.nl> <43FC632E.5020009@nkpanama.com> Message-ID: <20060222143517.xp5kd2lbpcs0o8w4@webmail.waversveld.nl> > 2. Locking problems somewhere in the mix (either dovecot, or > sendmail, or procmail, or something). Keeping only one process > writing to the mailboxes seems to make it less likely. [Offtopic] Did you alter the locking type to posix when you're using sendmail 8.13.x or higher [/Offtopic] Regards, Joost From alex at nkpanama.com Wed Feb 22 13:40:25 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Wed Feb 22 13:40:33 2006 Subject: suggestions for archiving and access to the archive In-Reply-To: <200602251715.JAA10639@sheridan.sibble.net> References: <200602251715.JAA10639@sheridan.sibble.net> Message-ID: <43FC69C9.1060904@nkpanama.com> Harondel J. Sibble wrote: > the archive or extract messages from it is a hassle, especially once the > archive gets to say 3 or 4gb. Normally we try not to let it get that big, > If you use rulesets you can make several mbox files. "Subscribe" the IMAP user to these folders and you've got a working separate system, although you'll probably be archiving multiple copies of messages (say, a message for alice@yourdomain and for bob@yourdomain would probably get archived twice, or only alice's copy would, depending on your rulesets). You should also have a "catchall" rule at the end for when the messages are for users not on your ruleset that you may have forgotten about (weird aliases or whatever). > > My requirements > 1) fast access to the live/online archive, could be up to several gb's in > size > If you split by user (and whether it's incoming or outgoing), it's a whole lot faster. If you split by date, even more so (the .conf file has the ability to do this, IIRC). > 2) ability to easily archive the archive file(s) to dvd to allow viewing on a > windows machine > mkisofs -o backup.iso /home/archiveuser/mail/; cdrecord yadda yadda yadda... backup.iso > 3) ability to easily empty/reset the archive file(s) on a set schedule, say > once a week after they've been written to dvd > > Use mbox-purge (http://www.argon.org/~roderick/mbox-purge.html): mbox-purge --eval 'time - delivery_time > 60*60*24 * 7' /var/mail/* or something like that... > > -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ From glenn.steen at gmail.com Wed Feb 22 13:47:23 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Feb 22 13:47:26 2006 Subject: MailScanner, postfix and exchange server as a gateway - try these In-Reply-To: <43FC4563.4090909@enitech.com.au> References: <43FAFB76.8090708@nmc.abacus.com.my> <000801c636dd$276f0f60$3004010a@martinhlaptop> <1140528262.8711.125.camel@localhost.localdomain> <43FC4563.4090909@enitech.com.au> Message-ID: <223f97700602220547m74f7834fr@mail.gmail.com> Five words for you Pete... Put it in the wiki;-). You should be able to upload the scripts (image or other file) too. -- Glenn On 22/02/06, Pete Russell wrote: > The postfix method of recipient list is superior to milterahead in that > it doesnt rely on Exchange being up to function correctly, therefore it > reduces the functionality of your gateway. IMO > > Please find attched the script we plodded from some one else, fixed it > up and used oursewlves. > > 1. It queries AD for ALL of the possible SMTP address for every user in > the specified domain. > 2. Check that you havent tried to create an empty file (nothing worse > than a 0byte recipiuent map) > 3. Writes the recipient map and runs postmap. > 4. emails you any error messages so you know what the script is failing. > > Simply add the lines to main.cf (we use multiple maps) > > relay_recipient_maps = hash:/etc/postfix/1-relay_recipients, > hash:/etc/postfix/2-relay_recipients, > > I have the scripts attached to queries Lotus Domino (we use R5) and MS > AD (we use 2003) > > You can see in the script its a sinmple matter to create ANY variation, > or use regexp to write your maps to cover all the possible valid > username variations for your company. > > Obviously since we made these i have been looking at using regexp, which > would make easy work of combining heaps of this script into something > much smaller/smarter. > > Hope it helps someone > > > Steve Freegard wrote: > > On Tue, 2006-02-21 at 11:51 +0000, Martin Hepworth wrote: > > > >>For my view, better the devil you know...both are valid, as is exim or > >>qmail. > > > > > > Indeed - for Exim users - this: > > http://www.exim.org/mail-archives/exim-users/Week-of-Mon-20040816/msg00126.html might be a good alternative. > > > > > >>For sendmail you'll need to configure milter-ahead, see this.. > >>http://www.fsl.com/support/Milter-Ahead-Exchange-Settings.pdf > > > > > > Note that milter-ahead will only work correctly with Exchange 2003 as > > it's the only version of Exchange that can be configured to actually > > *reject* invalid users. > > > > Otherwise you have to fall back on the Postfix-style method and create a > > valid user list. > > > > Cheers, > > Steve. > > > > > #!/usr/bin/perl -w > > # LOTUS DOMINO LDAP DIRECTORY - USERNAMES > # This script will pull all users' SMTP addresses from your Lotus Domino Directory > # and list them in the # format "user@example.com OK" which Postfix uses with > # relay_recipient_maps. > # Be sure to double-check the path to perl above. > > # This requires Net::LDAP to be installed. To install Net::LDAP, at a shell > # type "perl -MCPAN -e shell" and then "install Net::LDAP" > > use Net::LDAP; > use Mail::Mailer; > use Fcntl qw(:DEFAULT :flock); > > # Enter the path to your Postfix relay_recipient_maps file > $RelayRecipientMaps = '/etc/postfix/1-relay_recipients'; > $RecipientMaps = '1-relay_recipients'; > # Script Number > $sno="Script 1"; > > # enter the path to the postmap command (or you MTAs equivelent) > $PostmapPath = "/usr/sbin/postmap"; > # Enter the path to your log > $HistoryLog = '/etc/postfix/.1-ldap_count'; > > # Enter the tmp file path > $RandomValue = rand(9999) * rand(9999); > $TmpFile = '/etc/postfix/.1-ldap_tmp' . "$$" . ".$RandomValue"; > if (-e $TmpFile) { > # Something fishy is going on. Try another file name. > $RandomValue = rand(9999999) * rand(9999999); > $TmpFile = '/usr/local/etc/postfix/.1-ldap_tmp' . "$$" . ".$RandomValue"; > if (-e $TmpFile) { > &ErrorLog("$sno - Temp file creation failed", "The tmp file $TmpFile already exists after two attempts at different file names. Update aborted."); > } > } > > # Enter the maximum variances permitted before the script will fai > $UCD="50"; > > # Enter the FQDN of your Lotus Domino Directory below > $dc1="notes.domain.com"; > $dc2="10.1.10.4"; > > # Enter the LDAP container for your userbase. > # The syntax is CN=Users,dc=example,dc=com > # This can be found by installing the Windows 2000 Support Tools > # then running ADSI Edit. > # I use Softerra LDAP Browser to nav the LDAP tree and work out base, > # username etc. > # LDAP://domaincontroller1.example.com/CN=Users,DC=example,DC=com > # which would be $hqbase="cn=Users,dc=example,dc=com" > $hqbase="o=Domain"; > > # Enter the username & password for a valid user in your Domino Directory > # with username in the form cn=username > # Make sure the user's password does not expire. Note that this user > # does not require any special privileges. > # You can double-check this by typing the Internet Password > # in the users person doc. > # LDAP://domaincontroller1.example.com/CN=user,CN=Users,DC=example,DC=com > # which would be $user="cn=user,cn=Users,dc=example,dc=com" > $user="cn=Administrator"; > $passwd="password"; > > # Enter the domain you want to append to your groupnames. > # we implemented this so we could write maps that included new subdomains etc > # that didnt appear in person doc info. (Global Domain docs) > > $domain1="domain1.com.au"; > $domain2="sub.domain1.com.au"; > $domain3="domain1.edu.au"; > > # Postmaster email address - send all error messages here. > $postmaster='prussell@domain1.com.au'; > > # That's it, you're done. (Unless you want to play with the LDAP filters below). > > > > > # TAB/SPACE you want to use to seperate the > # email address and the permission eg prussell@domain1.com TAB/SPACE OK > > $sep="\t"; > > # Type of permission, eg REJECT or OK > $perm="OK"; > # Connecting to Lotus Domino Directory > $noldapserver=0; > $ldap = Net::LDAP->new($dc1) or > $noldapserver=1; > if ($noldapserver == 1) { > $ldap = Net::LDAP->new($dc2) or &ErrorLog("$sno - No LDAP Server", "Cannot Access the LDAP server $dc2"); > } > > $mesg = $ldap->bind ( dn => $user, password =>$passwd); > > if ( $mesg->code()) { > &ErrorLog("Bad Password", "The password was invalid. Updated aborted."); > } > > $searchbase = $hqbase; > > # Searching for users that are mail-enabled > $mesg = $ldap->search (base => $searchbase, > filter => "(|(givenname=*)(sn=*)(shortname=*))", > attrs => "mail"); > > $entries = $mesg->count; > > if ($entries lt 1) { > # die ($errormail); > &ErrorLog("$sno - No LDAP queries matched your search", "No data was returned. Updated aborted"); > #die ("error:", Connection to LDAP successfull. But nothing matched your search criteria"\n"); > } > > my $UserCount = 0; > open(OUT,">$TmpFile"); > flock(OUT, LOCK_EX); > # Filtering results for name variations. > foreach my $entry ( $mesg->entries ) { > $UserCount++; > > # SHORT NAME VARIATIONS - This will collect ALL shortnames for all users. > # prussell@, pruss@, pete@, russell@ > foreach my $tmp ( $entry->get_value( "shortname" ) ) { > print OUT $tmp."\@$domain1$sep$perm\n"; > print OUT $tmp."\@$domain2$sep$perm\n"; > print OUT $tmp."\@$domain3$sep$perm\n"; > > # First initial.lastname $tmp > # p.russell@ > ($firstchar,$therest) = split(//,$tmp,2); > $userwithdot = "$firstchar.$therest"; > print OUT $userwithdot."\@$domain1$sep$perm\n"; > print OUT $userwithdot."\@$domain2$sep$perm\n"; > } > > # FULL NAME > # pete.russell@ > $sn = $entry->get_value( "sn" ); > $fn = $entry->get_value( "givenname" ); > print OUT "$fn.$sn\@$domain1$sep$perm\n"; > print OUT "$fn.$sn\@$domain2$sep$perm\n"; > } > #close(OUT); > flock(OUT, LOCK_UN); > close(OUT); > > # Unbinding > $ldap->unbind; > > if (!(-e $HistoryLog)) { > # first time run, or someone erased our count file > # system("/usr/bin/touch","$HistoryLog"); > system("/bin/echo 0 > $HistoryLog"); > } > open(COUNT,"$HistoryLog") or &ErrorLog("$sno - History Log", "Unable to open $HistoryLog for reading: $!"); > $CountLine = ; > chomp($CountLine); > if ($CountLine =~ /^(?:\d+)$/) { > if ($CountLine - $UserCount > $UCD) { > &ErrorLog("$sno - Results are down by $UCD", "Possible export corruption"); > } > } else { &ErrorLog("$sno - Count file is corrupt", "LastCount file is corrupt"); } > close(COUNT); > > open(COUNT,">$HistoryLog") or &ErrorLog("History Log", "Unable to open $HistoryLog for writing: $!"); > seek(COUNT, 0, 0); > print COUNT "$UserCount\n"; > close(COUNT); > > > if (-e "$RelayRecipientMaps") { > if (-e "$RelayRecipientMaps.backup") { > unlink("$RelayRecipientMaps.backup"); > } > } > > system("/bin/cat $TmpFile > /usr/local/postfix/$RecipientMaps"); > system("/bin/mv","$TmpFile","$RelayRecipientMaps"); > system("$PostmapPath","$RelayRecipientMaps"); > exit; > > > sub ErrorLog { > $Subject = "$_[0]"; > $Message = "$_[1]"; > > my $mail = Mail::Mailer->new("sendmail"); > $mail->open({ > "From" => "$sno ", > "To" => "$postmaster", > "Subject" => "$Subject"}); > print $mail "$Message\n"; > $mail->close(); > exit; > } > > > #!/usr/bin/perl -w > > # This script will pull all users' SMTP addresses from your Active Directory > # (including primary and secondary email addresses) and list them in the > # format "user@example.com OK" which Postfix uses with relay_recipient_maps. > # Be sure to double-check the path to perl above. > > # This requires Net::LDAP to be installed. To install Net::LDAP, at a shell > # type "perl -MCPAN -e shell" and then "install Net::LDAP" > > use Net::LDAP; > use Net::LDAP::Control::Paged; > use Net::LDAP::Constant ( "LDAP_CONTROL_PAGED" ); > > # Enter the path/file for the output > $VALID = "/root/5-relay_recipients"; > open VALID, ">$VALID" or die "CANNOT OPEN $VALID $!"; > > $RecipientMaps = '5-relay_recipients'; > > # Enter the FQDN of your Active Directory domain controllers below > $dc1="10.1.10.8"; > $dc2="10.2.2.32"; > > # Enter the LDAP container for your userbase. > # The syntax is CN=Users,dc=mbs,dc=edu > # This can be found by installing the Windows 2000 Support Tools > # then running ADSI Edit. > # In ADSI Edit, expand the "Domain NC [domaincontroller1.example.com]" & > # you will see, for example, DC=example,DC=com (this is your base). > # The Users Container will be specified in the right pane as > # CN=Users depending on your schema (this is your container). > # You can double-check this by clicking "Properties" of your user > # folder in ADSI Edit and examining the "Path" value, such as: > # LDAP://domaincontroller1.example.com/CN=Users,DC=example,DC=com > # which would be $hqbase="cn=Users,dc=example,dc=com" > # Note: You can also use just $hqbase="dc=example,dc=com" > $hqbase="dc=domain,dc=local"; > > # Enter the username & password for a valid user in your Active Directory > # with username in the form cn=username,cn=Users,dc=example,dc=com > # Make sure the user's password does not expire. Note that this user > # does not require any special privileges. > # You can double-check this by clicking "Properties" of your user in > # ADSI Edit and examining the "Path" value, such as: > # LDAP://domaincontroller1.example.com/CN=user,CN=Users,DC=example,DC=com > # which would be $user="cn=user,cn=Users,dc=example,dc=com" > # Note: You can also use the UPN login: "user\@example.com" > $user="CN=grice,OU=Public Accounts,OU=Enterprise,DC=domain,DC=local"; > $passwd="password"; > > # Connecting to Active Directory domain controllers > $noldapserver=0; > $ldap = Net::LDAP->new($dc1) or > $noldapserver=1; > if ($noldapserver == 1) { > $ldap = Net::LDAP->new($dc2) or > die "Error connecting to specified domain controllers $@ \n"; > } > > $mesg = $ldap->bind ( dn => $user, > password =>$passwd); > if ( $mesg->code()) { > die ("error:", $mesg->code(),"\n"); > } > > # How many LDAP query results to grab for each paged round > # Set to under 1000 for Active Directory > $page = Net::LDAP::Control::Paged->new( size => 990 ); > > @args = ( base => $hqbase, > # Play around with this to grab objects such as Contacts, Public Folders, etc. > # A minimal filter for just users with email would be: > # filter => "(&(sAMAccountName=*)(mail=*))" > filter => "(& (mailnickname=*) (| (&(objectCategory=person) > (objectClass=user)(!(homeMDB=*))(!(msExchHomeServerName=*))) > (&(objectCategory=person)(objectClass=user)(|(homeMDB=*) > (msExchHomeServerName=*)))(&(objectCategory=person)(objectClass=contact)) > (objectCategory=group)(objectCategory=publicFolder) ))", > control => [ $page ], > attrs => "proxyAddresses", > ); > > my $cookie; > while(1) { > # Perform search > my $mesg = $ldap->search( @args ); > > # Filtering results for proxyAddresses attributes > foreach my $entry ( $mesg->entries ) { > my $name = $entry->get_value( "cn" ); > # LDAP Attributes are multi-valued, so we have to print each one. > foreach my $mail ( $entry->get_value( "proxyAddresses" ) ) { > # Test if the Line starts with one of the following lines: > # proxyAddresses: [smtp|SMTP]: > # and also discard this starting string, so that $mail is only the > # address without any other characters... > if ( $mail =~ s/^(smtp|SMTP)://gs ) { > print VALID $mail." \t OK\n"; > } > } > } > > # Only continue on LDAP_SUCCESS > $mesg->code and last; > > # Get cookie from paged control > my($resp) = $mesg->control( LDAP_CONTROL_PAGED ) or last; > $cookie = $resp->cookie or last; > > # Set cookie in paged control > $page->cookie($cookie); > } > > if ($cookie) { > # We had an abnormal exit, so let the server know we do not want any more > $page->cookie($cookie); > $page->size(0); > $ldap->search( @args ); > # Also would be a good idea to die unhappily and inform OP at this point > die("LDAP query unsuccessful"); > } > # Add additional restrictions, users, etc. to the output file below. > #print VALID "user\@domain1.com OK\n"; > #print VALID "user\@domain2.com 550 User unknown.\n"; > #print VALID "domain3.com 550 User does not exist.\n"; > > close VALID; > system("/bin/cat $VALID > /usr/postfix/$RecipientMaps"); > system("/usr/sbin/postmap","$VALID"); > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From alex at nkpanama.com Wed Feb 22 13:52:56 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Wed Feb 22 13:53:01 2006 Subject: I only want one child process but it seems to ignore the max children setting. In-Reply-To: <20060222143517.xp5kd2lbpcs0o8w4@webmail.waversveld.nl> References: <20060222104213.31A0.HANSG@dandy.nl> <2501CCD6-8D5D-4AF7-B3C4-16D3A57EC543@ecs.soton.ac.uk> <20060222113816.31E6.HANSG@dandy.nl> <43FC632E.5020009@nkpanama.com> <20060222143517.xp5kd2lbpcs0o8w4@webmail.waversveld.nl> Message-ID: <43FC6CB8.4010601@nkpanama.com> Always. Editing mailscanner.conf is the first thing I do after an install. It's not a mailscanner locking problem, it's a dovecot locking problem in some rare instances (x64, non-linux distros, etc.) that I've had to deal with using 1 process, otherwise I get messages either delivered twice to the mailbox or being read twice from the mailbox, even if there's only one message in the mailbox. Joost Waversveld wrote: > >> 2. Locking problems somewhere in the mix (either dovecot, or >> sendmail, or procmail, or something). Keeping only one process >> writing to the mailboxes seems to make it less likely. > > [Offtopic] > Did you alter the locking type to posix when you're using sendmail > 8.13.x or higher > [/Offtopic] > > > Regards, > > Joost -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ From rpoe at plattesheriff.org Wed Feb 22 15:41:14 2006 From: rpoe at plattesheriff.org (Rob Poe) Date: Wed Feb 22 15:41:35 2006 Subject: Mailscanner/Sendmail Relaying has stopped!! In-Reply-To: <17574958.1140561230211.JavaMail.root@pbco-server3.pbco.ca> References: <17574958.1140561230211.JavaMail.root@pbco-server3.pbco.ca> Message-ID: <43FC31BA.65ED.00A2.0@plattesheriff.org> Someone change your /etc/mail/local-host-names, /etc/mail/relay-domains or /etc/mail/mailertable ?? >>> jstork@pbco.ca 2/21/2006 4:33:50 pm >>> Well I dont know what happened today but here is my setup. gateway machine (running MailScanner on RHES4) which accepts all mail for the domain mydomain.ca This machine is out on the DMZ and so sendmail has a routing table entry to send all mail for our domain, back into an internal Scalix Mail server. Below is a "normal" maillog entry when it was working. You can see the mail getting relayed correctly to the internal mail server, penguin.mydomain.ca. Feb 19 04:23:15 gateway sendmail[23338]: k1JCN1uL020946: to=, delay=00:00:13, xdelay=00:00:00, mailer=esmtp, pri=177672, relay=penguin.mydomain.ca. [192.168.1.3], dsn=2.0.0, stat=Sent (Ok) But now, for some reason, MailScanner/Sendmail is not relaying the mail it receives, back into the primary mail server, penguin.mydomain.ca? Instead it is trying to send it back out to itself basically Feb 21 14:20:06 gateway sendmail[11683]: k1LMHrqI011613: to=, delay=00:02:12, xdelay=00:02:00, mailer=esmtp, pri=177260, relay=smtp. mydomain.ca [207.216.243.61], dsn=4.0.0, stat=Deferred: Connection timed out with smtp.mydomain.ca. All my mail is piling up in the sendmail que. Any suggestions??? I am in panic mode_______________________________ Johnny Stork Information & Technology Manager Provincial Blood Coordinating Office 604-806-8840 From dwinkler at algorithmics.com Wed Feb 22 15:51:08 2006 From: dwinkler at algorithmics.com (Derek Winkler) Date: Wed Feb 22 15:51:18 2006 Subject: Mailscanner/Sendmail Relaying has stopped!! Message-ID: <570A16F7DB56C242B26876067D682FD00248BC47@TORMAIL.algorithmics.com> This happened to me when the internal systems weren't available for a long period of time. Was using mailertable to route to internal systems. Was fixed after restarting named. _____ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Johnny Stork Sent: Tuesday, February 21, 2006 5:34 PM To: mailscanner@lists.mailscanner.info Subject: Mailscanner/Sendmail Relaying has stopped!! Well I dont know what happened today but here is my setup. gateway machine (running MailScanner on RHES4) which accepts all mail for the domain mydomain.ca This machine is out on the DMZ and so sendmail has a routing table entry to send all mail for our domain, back into an internal Scalix Mail server. Below is a "normal" maillog entry when it was working. You can see the mail getting relayed correctly to the internal mail server, penguin.mydomain.ca. Feb 19 04:23:15 gateway sendmail[23338]: k1JCN1uL020946: to=, delay=00:00:13, xdelay=00:00:00, mailer=esmtp, pri=177672, relay=penguin.mydomain.ca. [192.168.1.3], dsn=2.0.0, stat=Sent (Ok) But now, for some reason, MailScanner/Sendmail is not relaying the mail it receives, back into the primary mail server, penguin.mydomain.ca? Instead it is trying to send it back out to itself basically Feb 21 14:20:06 gateway sendmail[11683]: k1LMHrqI011613: to=, delay=00:02:12, xdelay=00:02:00, mailer=esmtp, pri=177260, relay=smtp. mydomain.ca [207.216.243.61], dsn=4.0.0, stat=Deferred: Connection timed out with smtp.mydomain.ca. All my mail is piling up in the sendmail que. Any suggestions??? I am in panic mode _______________________________ Johnny Stork Information & Technology Manager Provincial Blood Coordinating Office 604-806-8840 This email and any files transmitted with it are confidential and proprietary to Algorithmics Incorporated and its affiliates ("Algorithmics"). If received in error, use is prohibited. Please destroy, and notify sender. Sender does not waive confidentiality or privilege. Internet communications cannot be guaranteed to be timely, secure, error or virus-free. Algorithmics does not accept liability for any errors or omissions. Any commitment intended to bind Algorithmics must be reduced to writing and signed by an authorized signatory. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060222/b163546d/attachment.html From mrm at medicine.wisc.edu Wed Feb 22 16:07:13 2006 From: mrm at medicine.wisc.edu (Michael Masse) Date: Wed Feb 22 16:07:50 2006 Subject: dropping based on attachment code signatures Message-ID: I haven't been able to find out in the documentation or list archives if it's possible to have MS scan for a code signature and if a match found, drop the email? I have a procmail script that is currently doing this, but it's really inefficient since MS passes the email to the script only when it's done and has reassembled the email back together again, so the procmail script has to tear the email down all over again. Mike From MailScanner at ecs.soton.ac.uk Wed Feb 22 16:29:04 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Feb 22 16:29:14 2006 Subject: dropping based on attachment code signatures In-Reply-To: References: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Please define "code signature". On 22 Feb 2006, at 16:07, Michael Masse wrote: > I haven't been able to find out in the documentation or list > archives if it's possible to have MS scan for a code signature and > if a match found, drop the email? I have a procmail script that > is currently doing this, but it's really inefficient since MS > passes the email to the script only when it's done and has > reassembled the email back together again, so the procmail script > has to tear the email down all over again. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQEVAwUBQ/yRUvw32o+k+q+hAQHjGQgAkRuFwtcIrWh5S8O20dArsuALWFwsvpy6 7OL0dU2HjUudxinxrngjE5URycvj2D7LhqsNIPrE4LyrigY6DNlf1LyaA2aQt/Jr 4Y88d59t+jo+TzCLJMaGK9IoqbUeOJqc1j76ldLMzE5IyowKzwsIoqfx5zR9iUOy oZvGltNdmKV4HZZTMsz29om7GFDoK/AVarsutO5Jyij5lvi+w/Dg+JEyIJ+gmTEX xlvJA5oVcUyl+631fjXgFliU7eIj14IloIPAUj0Eu5xwlCQZol7AeLP+oUUlaQni gAWwFAWB4CKTTnuLdZfEJRNm3NynKykkZ7SqxCwgFn1ZYbj6P81RkQ== =1La+ -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From rcooper at dwford.com Wed Feb 22 16:43:50 2006 From: rcooper at dwford.com (Rick Cooper) Date: Wed Feb 22 16:43:59 2006 Subject: Beta 4.51.1: "Add TNEF Contents" In-Reply-To: <43FB7502.5000003@ecs.soton.ac.uk> Message-ID: I did a few tests sending pure RTF from outlook and all the clients I tested were able to handle the attachments fine. I tested: Agent 1.9 Pegasus 3.2 Thunderbird 1.5 Outlook 2000 KMail 1.43 I did not test any other *nix clients. Rick Cooper > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Julian > Field > Sent: Tuesday, February 21, 2006 3:16 PM > To: MailScanner discussion > Subject: Beta 4.51.1: "Add TNEF Contents" > > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > I have added a new option to allow the attachments contained within a > Microsoft TNEF ("Outlook Rich Text Format") to be added to the normal > attachments contained in the message. > > This means that non-Outlook users can still read the attachments put in > the message by badly configured Outlook or Exchange systems. > > Please can you give this option a try. It is switched on by default. > > Thanks folks. > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.5 (Build 5050) > > iQA/AwUBQ/t1AxH2WUcUFbZUEQI+SQCgzpVZIgJgp64WzHnTPllsjMdY058AnAnn > alpDU/hTaqcrqty4IJAr4XwE > =98rO > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed Feb 22 16:51:34 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Feb 22 16:51:47 2006 Subject: Beta 4.51.1: "Add TNEF Contents" In-Reply-To: References: Message-ID: <43FC9696.1030003@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Yay! Thankyou very much for the thorough testing. In my own tests, all the MIME structures looked to be correct. I hope people find this feature useful, I know it will resolve issues I am having with the Royal Air Force at the moment :-) Rick Cooper wrote: > I did a few tests sending pure RTF from outlook and all the clients I tested > were able to handle the attachments fine. I tested: > > Agent 1.9 > Pegasus 3.2 > Thunderbird 1.5 > Outlook 2000 > KMail 1.43 > > I did not test any other *nix clients. > > Rick Cooper > > > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Julian >> Field >> Sent: Tuesday, February 21, 2006 3:16 PM >> To: MailScanner discussion >> Subject: Beta 4.51.1: "Add TNEF Contents" >> >> >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> I have added a new option to allow the attachments contained within a >> Microsoft TNEF ("Outlook Rich Text Format") to be added to the normal >> attachments contained in the message. >> >> This means that non-Outlook users can still read the attachments put in >> the message by badly configured Outlook or Exchange systems. >> >> Please can you give this option a try. It is switched on by default. >> >> Thanks folks. >> >> - -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> Professional Support Services at www.MailScanner.biz >> MailScanner thanks transtec Computers for their support >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> -----BEGIN PGP SIGNATURE----- >> Version: PGP Desktop 9.0.5 (Build 5050) >> >> iQA/AwUBQ/t1AxH2WUcUFbZUEQI+SQCgzpVZIgJgp64WzHnTPllsjMdY058AnAnn >> alpDU/hTaqcrqty4IJAr4XwE >> =98rO >> -----END PGP SIGNATURE----- >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> >> > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQA/AwUBQ/yWnxH2WUcUFbZUEQJDCgCePgvH5k0VKMl7Jo2wZARit6hmmt4An2YR IS7sqPxXPwKZLnegmCi18EjG =2MXz -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From rcooper at dwford.com Wed Feb 22 17:00:25 2006 From: rcooper at dwford.com (Rick Cooper) Date: Wed Feb 22 17:00:53 2006 Subject: Beta 4.51.1: "Add TNEF Contents" In-Reply-To: <43FC9696.1030003@ecs.soton.ac.uk> Message-ID: > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Julian > Field > Sent: Wednesday, February 22, 2006 11:52 AM > To: MailScanner discussion > Subject: Re: Beta 4.51.1: "Add TNEF Contents" > > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Yay! Thankyou very much for the thorough testing. In my own tests, all > the MIME structures looked to be correct. > > I hope people find this feature useful, I know it will resolve issues I > am having with the Royal Air Force at the moment :-) > I forgot to mention I tested with RTF message only, with EICAR attachment and with banned file type & name attachments and all processed as they should have. Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From DCurtis at sbschools.net Wed Feb 22 17:15:11 2006 From: DCurtis at sbschools.net (David Curtis) Date: Wed Feb 22 17:15:36 2006 Subject: MailScanner, postfix and exchange server as a gateway Message-ID: I have been following this thread. We are switching over to Exchange and I have tested this option and it seams to work great. Has any one come across a similar script file or know how to get the same address listing from GroupWise? the reason I ask is because our migration is still 4 - 6 month's away. Thanks. >>> Edge@twu.ca 2/21/2006 7:08:39 PM >>> I run the same setup here. I run a perl script I found called getadsmtp.pl (Google it) once a day and use the Postfix 'relay_recipient_maps' directive as follows: relay_recipient_maps = hash:/etc/postfix/twu_recipients.map Just modify getadsmtp.pl for your environment and you're good to go. It makes quite a difference here. From 35,000+ messages per day to 16,000+. Richard Edge Senior Systems Administrator | Technology Services Trinity Western University | t: 604.513.2089 f: 604.513.2038 | e: edge twu.ca| www.twu.ca/technology -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Admin Sent: Tuesday, February 21, 2006 3:37 AM To: mailscanner@lists.mailscanner.info Subject: MailScanner, postfix and exchange server as a gateway Hi, Currently I am using MailScanner 4.50.15-1 with postfix as a gateway for my exchange server , its run on FC4, Is it better to change to sendmail or stick with postfix?. If so how can I accept mail only for valid Exchange users in sendmail. Thanks In Advance. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! ______________________________________________________________ ______________________________________________________________ This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060222/49ca4969/attachment.html From llasad1 at yahoo.com Wed Feb 22 17:49:39 2006 From: llasad1 at yahoo.com (lester lasad) Date: Wed Feb 22 17:49:42 2006 Subject: Blocking email with an embedded attachment Message-ID: <20060222174939.22990.qmail@web51614.mail.yahoo.com> Is it possible, and if so how do I block an email with an embedded attachment? My users continue to receive the same email (from different addresses/hosts)on a daily basis, the only constant I am seeing is an attachment called "38.jpg" in the header. I have included some of the header below, the last portion shows the attachment name. Please let me know if there is anyway to stop this. I have reviewed the filename.rules.conf and filetype.rules.conf but this does not seem to provide what I am looking for. Thanks for the help. Fedora Core 1 MailScanner 4.49.7 SpamAssassin 3.00 --snip-- Content-Type: multipart/related; boundary="----=_NextPart_000_0051_01C631DB.DA3C46A0"; ------=_NextPart_000_0051_01C631DB.DA3C46A0 Content-Type: multipart/alternative; boundary="----=_NextPart_001_0052_01C631DB.DA3C46A0" ------=_NextPart_001_0052_01C631DB.DA3C46A0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="us-ascii" in their respective time zones facing the wrath of Rowling's publishers, if not the publishers' attorneys. ------=_NextPart_001_0052_01C631DB.DA3C46A0 Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset="us-ascii"
3D""
The most anticipated of the bunch arrives July 16 with the sixth book in the Harry Potter series, "Harry Potter and the Half-Blood Prince."
------=_NextPart_001_0052_01C631DB.DA3C46A0-- ------=_NextPart_000_0051_01C631DB.DA3C46A0 Content-Type: image/jpeg; name="38.jpg" Content-ID: <005001c631a1$2ddafda0$6400a8c0@VAIO> Content-Transfer-Encoding: base64 __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com From MailScanner at ecs.soton.ac.uk Wed Feb 22 17:58:02 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Feb 22 17:58:10 2006 Subject: Webmin module for MailScanner unavailable In-Reply-To: <43FCA398.8020308@raventhorne.net> References: <43FCA398.8020308@raventhorne.net> Message-ID: <43FCA62A.3020806@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Chris, Chris Leahy wrote: > Hello Mr. Field, > > I've been attempting to obtain the Webmin module for some time. > The better part of a year actually. The webmin site says that the > module is GPL licensed, but I am unable to access the page. > > It requires authentication. Asks for a login and password to access > the page > in your link, which is the same link provided on the Webmin site. > > http://lushsoft.dyndns.org/mailscanner-webmin > > I have no credentials that will let me in and I cant find any information > about how to gain access. > > I waited for so long simply because I can get by without it, but it > would be > nice to be able to manage it through webmin :-) I don't know much about this, but someone on the list must be using it. Can anyone else help out this gentleman for me please? - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQA/AwUBQ/ymKxH2WUcUFbZUEQLknQCglWWhreZoLuQ4jFGtqcv8jR13oqAAoKbY MhFk6sD8IgGVIKGqnrSj/RYw =abII -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed Feb 22 18:04:08 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Feb 22 18:04:15 2006 Subject: Blocking email with an embedded attachment In-Reply-To: <20060222174939.22990.qmail@web51614.mail.yahoo.com> References: <20060222174939.22990.qmail@web51614.mail.yahoo.com> Message-ID: <43FCA798.8040506@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Why can't you just use filename.rules.conf to do it? If you want to throw away the whole message then use "deny+delete" and not just "deny". Feel free to contribute some more/better documentation for the top of this file :-) lester lasad wrote: > Is it possible, and if so how do I block an email with > an embedded attachment? My users continue to receive > the same email (from different addresses/hosts)on a > daily basis, the only constant I am seeing is an > attachment called "38.jpg" in the header. I have > included some of the header below, the last portion > shows the attachment name. Please let me know if > there is anyway to stop this. I have reviewed the > filename.rules.conf and filetype.rules.conf but this > does not seem to provide what I am looking for. > Thanks for the help. > > Fedora Core 1 > MailScanner 4.49.7 > SpamAssassin 3.00 > > --snip-- > Content-Type: multipart/related; > > boundary="----=_NextPart_000_0051_01C631DB.DA3C46A0"; > > > ------=_NextPart_000_0051_01C631DB.DA3C46A0 > Content-Type: multipart/alternative; > > boundary="----=_NextPart_001_0052_01C631DB.DA3C46A0" > > > ------=_NextPart_001_0052_01C631DB.DA3C46A0 > Content-Transfer-Encoding: quoted-printable > Content-Type: text/plain; > charset="us-ascii" > > > in their respective time zones facing the wrath of > Rowling's publishers, if not the publishers' > attorneys. > ------=_NextPart_001_0052_01C631DB.DA3C46A0 > Content-Transfer-Encoding: quoted-printable > Content-Type: text/html; > charset="us-ascii" > > Transitional//EN"> > > charset=3Dus-ascii"> > name=3DGENERATOR> > > > >
href=3D"http://qwomdk.purplguar.info/?23295343"> alt=3D"" hspace=3D0 = > src=3D"cid:005001c631a1$2ddafda0$6400a8c0@VAIO" > align=3Dbaseline=20 > border=3D0>
>
color=3D#ffffff=20 > size=3D2>The most anticipated of the bunch arrives > July 16 with the sixth book in the Harry Potter > series, "Harry Potter and the Half-Blood > Prince."
> > ------=_NextPart_001_0052_01C631DB.DA3C46A0-- > > ------=_NextPart_000_0051_01C631DB.DA3C46A0 > Content-Type: image/jpeg; > name="38.jpg" > Content-ID: <005001c631a1$2ddafda0$6400a8c0@VAIO> > Content-Transfer-Encoding: base64 > > > > __________________________________________________ > Do You Yahoo!? > Tired of spam? Yahoo! Mail has the best spam protection around > http://mail.yahoo.com > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQA/AwUBQ/ynmRH2WUcUFbZUEQKqhQCghrsNvb8gECQla5ZdyewsUmwEWp0An2fE oYwFhHB0XIgm3aNAQXM1iZ6S =thlw -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From drewburchett at yahoo.com Wed Feb 22 18:06:43 2006 From: drewburchett at yahoo.com (Drew Burchett) Date: Wed Feb 22 18:06:46 2006 Subject: MailScanner can't keep up Message-ID: <20060222180643.11489.qmail@web52901.mail.yahoo.com> I have MailScanner 4.5 set up on Suse Linux 10.0 use Postfix 2.2.3 as an MTA. Messages are being received fine, but MailScanner is choking on the volume trying to process them. According to MailWatch, I am averaging receiving 700 messages per hour to be scanned (tons more are being delivered, but filtered by Postfix). On average, MailScanner is reporting taking about 900 seconds per 15 message batch. I have it limited to 10 child processes. The server it is running on is a 3.0 Ghz with 512 Mb memory and a 40Gig SCSI hard drive divided into three partitions. If you need any other informaiton to help me diagnose this problem, please let me know and I'll be glad to post it. __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com From rcooper at dwford.com Wed Feb 22 18:08:41 2006 From: rcooper at dwford.com (Rick Cooper) Date: Wed Feb 22 18:09:04 2006 Subject: Webmin module for MailScanner unavailable In-Reply-To: <43FCA62A.3020806@ecs.soton.ac.uk> Message-ID: > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Julian > Field > Sent: Wednesday, February 22, 2006 12:58 PM > To: Chris Leahy; MailScanner discussion > Subject: Re: Webmin module for MailScanner unavailable > > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Chris, > > Chris Leahy wrote: > > Hello Mr. Field, > > > > I've been attempting to obtain the Webmin module for some time. > > The better part of a year actually. The webmin site says that the > > module is GPL licensed, but I am unable to access the page. > > [...] > > I waited for so long simply because I can get by without it, but it > > would be > > nice to be able to manage it through webmin :-) > I don't know much about this, but someone on the list must be using it. > > Can anyone else help out this gentleman for me please? > It's pretty much useless. It hasn't been updated since something like 2003 and even then it was incomplete IIRC. Rick Cooper -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From smlists at shaw.ca Wed Feb 22 18:11:23 2006 From: smlists at shaw.ca (Steve Mason) Date: Wed Feb 22 18:11:31 2006 Subject: Webmin module for MailScanner unavailable Message-ID: <34ffb0e34ff129.34ff12934ffb0e@shaw.ca> You should be able to get it from: http://easynews.dl.sourceforge.net/sourceforge/msfrontend/webmin-module-1.1-4.wbm Steve From dave.list at pixelhammer.com Wed Feb 22 18:11:59 2006 From: dave.list at pixelhammer.com (DAve) Date: Wed Feb 22 18:12:20 2006 Subject: Webmin module for MailScanner unavailable In-Reply-To: <43FCA62A.3020806@ecs.soton.ac.uk> References: <43FCA398.8020308@raventhorne.net> <43FCA62A.3020806@ecs.soton.ac.uk> Message-ID: <43FCA96F.2020808@pixelhammer.com> Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Chris, > > Chris Leahy wrote: >> Hello Mr. Field, >> >> I've been attempting to obtain the Webmin module for some time. >> The better part of a year actually. The webmin site says that the >> module is GPL licensed, but I am unable to access the page. >> >> It requires authentication. Asks for a login and password to access >> the page >> in your link, which is the same link provided on the Webmin site. >> >> http://lushsoft.dyndns.org/mailscanner-webmin >> >> I have no credentials that will let me in and I cant find any information >> about how to gain access. >> >> I waited for so long simply because I can get by without it, but it >> would be >> nice to be able to manage it through webmin :-) > I don't know much about this, but someone on the list must be using it. > > Can anyone else help out this gentleman for me please? http://sourceforge.net/project/showfiles.php?group_id=83399 Is that what you are looking for? Google for "webmin mailscanner download", it's the forth hit. DAve > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.5 (Build 5050) > > iQA/AwUBQ/ymKxH2WUcUFbZUEQLknQCglWWhreZoLuQ4jFGtqcv8jR13oqAAoKbY > MhFk6sD8IgGVIKGqnrSj/RYw > =abII > -----END PGP SIGNATURE----- > From KGoods at AIAInsurance.com Wed Feb 22 18:15:38 2006 From: KGoods at AIAInsurance.com (Ken Goods) Date: Wed Feb 22 18:19:52 2006 Subject: Webmin module for MailScanner unavailable Message-ID: <13C0059880FDD3118DC600508B6D4A6D013D8713@aiainsurance.com> Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Chris, > > Chris Leahy wrote: >> Hello Mr. Field, >> >> I've been attempting to obtain the Webmin module for some time. >> The better part of a year actually. The webmin site says that the >> module is GPL licensed, but I am unable to access the page. >> >> It requires authentication. Asks for a login and password to access >> the page >> in your link, which is the same link provided on the Webmin site. >> >> http://lushsoft.dyndns.org/mailscanner-webmin >> >> I have no credentials that will let me in and I cant find any >> information about how to gain access. >> >> I waited for so long simply because I can get by without it, but it >> would be nice to be able to manage it through webmin :-) > I don't know much about this, but someone on the list must be using > it. > > Can anyone else help out this gentleman for me please? > Chris (& Jules), I have webmin-module-0.9.wbm ~460k dated April of 2004 Also have webmin-1.130-1.noarch.rpm ~8meg dated the same time. I don't use the webmin module for MailScanner as I found it wasn't working completely correct for me. However it is installed and seems to work mostly, I just haven't had a chance to test it thoroughly. The conf file is plenty easy to figure out and modify. I do however use webmin for grabbing files out of quarantine and uploading/downloading files form my Win workstation. Works great for that. Anyway I'd be happy to share what I have, let me know... Kind regards, Ken Ken Goods Network Administrator AIA/CropUSA Insurance, Inc. From rcooper at dwford.com Wed Feb 22 18:35:47 2006 From: rcooper at dwford.com (Rick Cooper) Date: Wed Feb 22 18:36:10 2006 Subject: Webmin module for MailScanner unavailable In-Reply-To: <34ffb0e34ff129.34ff12934ffb0e@shaw.ca> Message-ID: > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Steve > Mason > Sent: Wednesday, February 22, 2006 1:11 PM > To: mailscanner@lists.mailscanner.info > Subject: Re: Webmin module for MailScanner unavailable > > > You should be able to get it from: > http://easynews.dl.sourceforge.net/sourceforge/msfrontend/webmin-module-1.1- 4.wbm > > Steve [...] That version is *far* better than the one available from the webmin site, and far more complete, so forget my comments as I was unaware this version was available. Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mailscanner at PDSCC.COM Wed Feb 22 18:36:38 2006 From: mailscanner at PDSCC.COM (Harondel J. Sibble) Date: Wed Feb 22 18:36:52 2006 Subject: MailScanner, postfix and exchange server as a gateway - try these In-Reply-To: <223f97700602220547m74f7834fr@mail.gmail.com> References: <43FC4563.4090909@enitech.com.au> Message-ID: <200602260601.WAA14084@sheridan.sibble.net> Anyone got a script modified to work with Samsung Contact 8.x? Our SC box behind mailscanner already rejects email for non-existant users, but that's after the MS relay tries to deliver it to the SC machine. I'd love to have the MS machine drop those connections... On 22 Feb 2006 at 14:47, Glenn Steen wrote: > Five words for you Pete... Put it in the wiki;-). > You should be able to upload the scripts (image or other file) too. > > -- Glenn > > On 22/02/06, Pete Russell wrote: > > The postfix method of recipient list is superior to milterahead in that > > it doesnt rely on Exchange being up to function correctly, therefore it > > reduces the functionality of your gateway. IMO > > > > Please find attched the script we plodded from some one else, fixed it > > up and used oursewlves. > > > > 1. It queries AD for ALL of the possible SMTP address for every user in > > the specified domain. -- Harondel J. Sibble Sibble Computer Consulting Creating solutions for the small business and home computer user. help@pdscc.com (use pgp keyid 0x3AD5C11D) http://www.pdscc.com (604) 739-3709 (voice/fax) (604) 686-2253 (pager) From Chris.Russell at knowledgeit.co.uk Wed Feb 22 18:48:47 2006 From: Chris.Russell at knowledgeit.co.uk (Chris Russell) Date: Wed Feb 22 18:52:48 2006 Subject: MailScanner can't keep up References: <20060222180643.11489.qmail@web52901.mail.yahoo.com> Message-ID: <1638CDD827D51E4D8E9B2741290E1C91070675@xcelsior> An embedded message was scrubbed... From: "Chris Russell" Subject: RE: MailScanner can't keep up Date: Wed, 22 Feb 2006 18:48:47 -0000 Size: 6937 Url: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060222/4eb8f3d8/originalmail.eml -------------- next part -------------- The contents of this e-mail may be privileged and are confidential. It may not be disclosed to or used by anyone other than the addressee(s), nor copied in any way. Any views or opinions presented are solely those of the author and do not necessarily represent those of Knowledge Limited. If received in error, please advise the sender, then delete it from your system. From dnsadmin at 1bigthink.com Wed Feb 22 18:55:11 2006 From: dnsadmin at 1bigthink.com (dnsadmin 1bigthink.com) Date: Wed Feb 22 18:55:23 2006 Subject: Webmin module for MailScanner unavailable In-Reply-To: <43FCA96F.2020808@pixelhammer.com> References: <43FCA398.8020308@raventhorne.net> <43FCA62A.3020806@ecs.soton.ac.uk> <43FCA96F.2020808@pixelhammer.com> Message-ID: <6.2.3.4.0.20060222134816.05cf8c08@mxt.1bigthink.com> At 01:11 PM 2/22/2006, you wrote: >Julian Field wrote: >>-----BEGIN PGP SIGNED MESSAGE----- >>Hash: SHA1 >>Chris, >>Chris Leahy wrote: >>>Hello Mr. Field, >>> >>>I've been attempting to obtain the Webmin module for some time. >>>The better part of a year actually. The webmin site says that the >>>module is GPL licensed, but I am unable to access the page. >>> >>>It requires authentication. Asks for a login and password to access the page >>>in your link, which is the same link provided on the Webmin site. >>> >>>http://lushsoft.dyndns.org/mailscanner-webmin >>> >>>I have no credentials that will let me in and I cant find any information >>>about how to gain access. >>> >>>I waited for so long simply because I can get by without it, but it would be >>>nice to be able to manage it through webmin :-) >>I don't know much about this, but someone on the list must be using it. >>Can anyone else help out this gentleman for me please? > >http://sourceforge.net/project/showfiles.php?group_id=83399 > >Is that what you are looking for? Google for "webmin mailscanner >download", it's the forth hit. > >DAve The SourceForge link above will get you to the module that I use. Contrary to another post on this subject, this particular module is useful and usable. The previous post referring to an unusable module is probably correct for the module he/she had, because I had that module and it trashed my configs. Be aware that the 1.1.4 module linked above will not get at all the configuration options! You WILL need to get into the MailScanner.conf file yourself for some tweaks; especially for newer options. Also, be aware that eventually a newer version might cause this module to corrupt your configs. That said, it still works with 4.50 version. Cheers, Glenn From MailScanner at ecs.soton.ac.uk Wed Feb 22 18:56:58 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Feb 22 18:57:05 2006 Subject: MailScanner can't keep up In-Reply-To: <20060222180643.11489.qmail@web52901.mail.yahoo.com> References: <20060222180643.11489.qmail@web52901.mail.yahoo.com> Message-ID: <43FCB3FA.1030107@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Drew Burchett wrote: > I have MailScanner 4.5 set up on Suse Linux 10.0 use > Postfix 2.2.3 as an MTA. Messages are being received > fine, but MailScanner is choking on the volume trying > to process them. According to MailWatch, I am > averaging receiving 700 messages per hour to be > scanned (tons more are being delivered, but filtered > by Postfix). On average, MailScanner is reporting > taking about 900 seconds per 15 message batch. I have > it limited to 10 child processes. The server it is > running on is a 3.0 Ghz with 512 Mb memory and a 40Gig > SCSI hard drive divided into three partitions. If you > need any other informaiton to help me diagnose this > problem, please let me know and I'll be glad to post it. > Add more RAM. With 10 child processes (I would advise 5 per CPU) you will need 2Gb of RAM. I bet that "vmstat 5" reports it is swapping like crazy (look for the si and sout figures). My advice is 5 children and 1GB RAM per CPU. Hyper-threaded processes still count as 1. RAM is cheap, go buy a shed load more. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQA/AwUBQ/yz+xH2WUcUFbZUEQIU1ACdFGsqwqb3fOK2ENGU/Z6om6lRVlAAn1h2 L+24XW14OhGwQImlcOGxOipM =MkAF -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mailscanner at PDSCC.COM Wed Feb 22 18:57:40 2006 From: mailscanner at PDSCC.COM (Harondel J. Sibble) Date: Wed Feb 22 18:57:49 2006 Subject: Webmin module for MailScanner unavailable In-Reply-To: <43FCA62A.3020806@ecs.soton.ac.uk> References: <43FCA398.8020308@raventhorne.net> Message-ID: <200602260622.WAA14215@sheridan.sibble.net> On 22 Feb 2006 at 17:58, Julian Field wrote: > > I waited for so long simply because I can get by without it, but it > > would be > > nice to be able to manage it through webmin :-) > I don't know much about this, but someone on the list must be using it. > > Can anyone else help out this gentleman for me please? The website you want is http://sourceforge.net/projects/msfrontend I had the module installed on a machine that we recently retired. The readme file for the module gave the above site for downloads. It is still up, but last update on the module is from a year ago. -- Harondel J. Sibble Sibble Computer Consulting Creating solutions for the small business and home computer user. help@pdscc.com (use pgp keyid 0x3AD5C11D) http://www.pdscc.com (604) 739-3709 (voice/fax) (604) 686-2253 (pager) From Kevin_Miller at ci.juneau.ak.us Wed Feb 22 18:58:27 2006 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Wed Feb 22 18:58:31 2006 Subject: Beta 4.51.1: "Add TNEF Contents" Message-ID: Julian Field wrote: > I have added a new option to allow the attachments contained within a > Microsoft TNEF ("Outlook Rich Text Format") to be added to the normal > attachments contained in the message. > > This means that non-Outlook users can still read the attachments put > in the message by badly configured Outlook or Exchange systems. > > Please can you give this option a try. It is switched on by default. So I'm a bit confused. With the latest MS TNEF attachments are disallowed by default. Is this new feature taking a TNEF attachment and rewriting it so that it's a normal attachment? Do we need to rem out the TNEF/RTF filtering in filename.rules.conf and filetype.rules.conf? I'm dropping inbound TNEF laden messages, but it seems that people on the outside are either slow learners or they can't get around their admins/servers. I've had people set their Outlook to plain text, but still have it filtered. (Or so they told me.) I suspect their Exchange server is set to always send in RTF. Kinda sucks. Sooner or later I'll probably have to open up the gates again... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From DrewB at united-systems.com Wed Feb 22 19:02:25 2006 From: DrewB at united-systems.com (Drew Burchett) Date: Wed Feb 22 19:02:52 2006 Subject: MailScanner can't keep up Message-ID: <1E75E79B854C814784D0E8C5BA55AF7632643A@uss2k01.united-systems.local> It's definitely having a memory issue. It's using all available. However, reducing the number of children, or even the number of mails scanned per pass doesn't seem to speed anything up. I think there may be some issue with either the base machine configuration or possibly a hardware issue. I've started forwarding all the traffic to a machine half the size of this one and it's keeping up just fine. Looks like a reformat and reinstall may be in order, but any other suggestions are more than welcome. And yes, 512Mb is not a lot for a mail scanner, but I can't seem to get my boss to spring for any more. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Chris Russell Sent: Wednesday, February 22, 2006 12:49 PM To: MailScanner discussion Subject: RE: MailScanner can't keep up The contents of this e-mail may be privileged and are confidential. It may not be disclosed to or used by anyone other than the addressee(s), nor copied in any way. Any views or opinions presented are solely those of the author and do not necessarily represent those of Knowledge Limited. If received in error, please advise the sender, then delete it from your system. -- CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. -- This message has been scanned for viruses and dangerous content by MailScanner and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed Feb 22 19:04:45 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Feb 22 19:04:50 2006 Subject: MailScanner, postfix and exchange server as a gateway - try these In-Reply-To: <200602260601.WAA14084@sheridan.sibble.net> References: <43FC4563.4090909@enitech.com.au> <200602260601.WAA14084@sheridan.sibble.net> Message-ID: <43FCB5CD.20904@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Use milter-ahead to check the recipients are valid. Very simple to setup and works like a dream. A lot faster than you would think, too. Harondel J. Sibble wrote: > Anyone got a script modified to work with Samsung Contact 8.x? Our SC box > behind mailscanner already rejects email for non-existant users, but that's > after the MS relay tries to deliver it to the SC machine. I'd love to have > the MS machine drop those connections... > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQA/AwUBQ/y1zhH2WUcUFbZUEQJv7ACgqAAF6vhgfF7y+WLvLR6qreuJYUcAn02e 11jp69C7HwtCYu3G1S7GpfZr =Jfbl -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed Feb 22 19:07:27 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Feb 22 19:07:37 2006 Subject: {Dangerous Filename?} RE: MailScanner can't keep up In-Reply-To: <1638CDD827D51E4D8E9B2741290E1C91070675@xcelsior> References: <20060222180643.11489.qmail@web52901.mail.yahoo.com> <1638CDD827D51E4D8E9B2741290E1C91070675@xcelsior> Message-ID: <43FCB66F.5070504@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Chris Russell wrote: > Warning: This message has had one or more attachments removed > Warning: (winmail.dat). > Warning: Please read the "ECS-Attachment-Warning.txt" attachment(s) for more information. > > > > > ------------------------------------------------------------------------ > > Subject: > RE: MailScanner can't keep up > From: > "Chris Russell" > Date: > Wed, 22 Feb 2006 18:48:47 -0000 > To: > "MailScanner discussion" > > To: > "MailScanner discussion" > > >> by Postfix). On average, MailScanner is reporting >> taking about 900 seconds per 15 message batch. I have >> it limited to 10 child processes. The server it is >> running on is a 3.0 Ghz with 512 Mb memory and a 40Gig >> > > What is the output of top ? 512 Mb of memory is very small by modern standards and I would think your main issue is memory. MailScanner is causing the system to swap out and hence slowing things right down. > > I read somewhere that each child takes up 20Mb of memory, but on our systems top thinks its more like 200-300Mb each. I would guess this is dependant on SpamAssassin features being enabled etc. > Where did you see the 20Mb per child? I find it's more like 700/5 = 140Mb per child. Which roughly matches your measurement. I recommend 1Gb RAM per CPU as a minimum. Anything less than that and it will start swapping. Say goodnight to your performance at that point :-( - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQA/AwUBQ/y2bxH2WUcUFbZUEQIDfgCg0g0CfC6a6Tvm7/pNIyuci+SPgrAAnRps F5BoG9S2tKwftTnkxJD1kpTf =BYLD -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed Feb 22 19:26:09 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Feb 22 19:26:16 2006 Subject: MailScanner can't keep up In-Reply-To: <1E75E79B854C814784D0E8C5BA55AF7632643A@uss2k01.united-systems.local> References: <1E75E79B854C814784D0E8C5BA55AF7632643A@uss2k01.united-systems.local> Message-ID: <43FCBAD1.2080303@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Drew Burchett wrote: > It's definitely having a memory issue. It's using all available. > However, reducing the number of children, or even the number of mails > scanned per pass doesn't seem to speed anything up. I think there may > be some issue with either the base machine configuration or possibly a > hardware issue. I've started forwarding all the traffic to a machine > half the size of this one and it's keeping up just fine. Looks like a > reformat and reinstall may be in order, but any other suggestions are > more than welcome. > You should be able to run 1 child in 512Mb without too much of a problem. Make sure nothing else is hogging memory (e.g. nscd). > And yes, 512Mb is not a lot for a mail scanner, but I can't seem to get > my boss to spring for any more. > The amount of money your wasted time is costing him is far more than the cost of the RAM. Point that out to him and see if he reacts. > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Chris > Russell > Sent: Wednesday, February 22, 2006 12:49 PM > To: MailScanner discussion > Subject: RE: MailScanner can't keep up > > The contents of this e-mail may be privileged and are confidential. > It may not be disclosed to or used by anyone other than the > addressee(s), nor copied in any way. Any views or opinions presented are > solely those of the author and do not necessarily represent those of > Knowledge Limited. > > If received in error, please advise the sender, then delete it from your > system. > > -- > CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. > > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQA/AwUBQ/y60hH2WUcUFbZUEQKrgwCfRIdTG7HvuyDXYUXbaHVKOrp0nZIAoJ5w yIM2lbr+0mJiRy3qcnG9H88v =AHru -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed Feb 22 19:30:12 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Feb 22 19:30:17 2006 Subject: Beta 4.51.1: "Add TNEF Contents" In-Reply-To: References: Message-ID: <43FCBBC4.5060906@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Kevin Miller wrote: > Julian Field wrote: > > >> I have added a new option to allow the attachments contained within a >> Microsoft TNEF ("Outlook Rich Text Format") to be added to the normal >> attachments contained in the message. >> >> This means that non-Outlook users can still read the attachments put >> in the message by badly configured Outlook or Exchange systems. >> >> Please can you give this option a try. It is switched on by default. >> > > So I'm a bit confused. With the latest MS TNEF attachments are > disallowed by default. Due to a current security issue with TNEF handling in Microsoft code. You may choose to disable this block. Hopefully Microsoft will fix this issue pretty fast, it should be in an Office update. So this block is temporary, it's not intended to be permanently in there. > Is this new feature taking a TNEF attachment and > rewriting it so that it's a normal attachment? Do we need to rem out > the TNEF/RTF filtering in filename.rules.conf and filetype.rules.conf? > Having not seen any new evidence of exploits of the TNEF bug, you can probably fairly safely remove the filtering from filename.rules.conf and filetype.rules.conf. > I'm dropping inbound TNEF laden messages, but it seems that people on > the outside are either slow learners or they can't get around their > admins/servers. I've had people set their Outlook to plain text, but > still have it filtered. (Or so they told me.) I suspect their Exchange > server is set to always send in RTF. Kinda sucks. Sooner or later I'll > probably have to open up the gates again... > Whatever they set their Outlook settings to, Exchange Server will over-ride them. I think you'll have to open the gates again. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQA/AwUBQ/y7xBH2WUcUFbZUEQJpigCg0+NQb4/0NdJHojDItUHln8WoHi4AoK+R l/u5c48T1Ltw819iM9YwOtme =66jy -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mailscanner at PDSCC.COM Wed Feb 22 19:42:31 2006 From: mailscanner at PDSCC.COM (Harondel J. Sibble) Date: Wed Feb 22 19:42:40 2006 Subject: MailScanner, postfix and exchange server as a gateway - try these In-Reply-To: <43FCB5CD.20904@ecs.soton.ac.uk> References: <200602260601.WAA14084@sheridan.sibble.net> Message-ID: <200602260707.XAA14596@sheridan.sibble.net> On 22 Feb 2006 at 19:04, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Use milter-ahead to check the recipients are valid. Very simple to setup > and works like a dream. A lot faster than you would think, too. Correct me if I am wrong, but doesn't that require sendmail? Also anyone have a good script to get the recipient list from Samsung Contact? . From what I remember, their LDAP implementation is.... rather .... interesting..... -- Harondel J. Sibble Sibble Computer Consulting Creating solutions for the small business and home computer user. help@pdscc.com (use pgp keyid 0x3AD5C11D) http://www.pdscc.com (604) 739-3709 (voice/fax) (604) 686-2253 (pager) From Edge at twu.ca Wed Feb 22 20:55:08 2006 From: Edge at twu.ca (Richard Edge) Date: Wed Feb 22 21:13:41 2006 Subject: mail delivery problems Message-ID: I am suddenly have mail delivery problems and am seeing entries like the following in the error logs: Feb 22 12:07:56 mx10 MailScanner[12767]: Could not chdir to /var/spool/MailScanner/incoming/6108/9A64E768.33D42 just before unpacking extra message parts Feb 22 12:07:56 mx10 MailScanner[12767]: Could not chdir to /var/spool/MailScanner/incoming/6108/74AC3778.E24D9 just before unpacking extra message parts Feb 22 12:07:57 mx10 MailScanner[12767]: Could not chdir to /var/spool/MailScanner/incoming/6108/60AF5B40.A5500 just before unpacking extra message parts Feb 22 12:07:57 mx10 MailScanner[12767]: Could not chdir to /var/spool/MailScanner/incoming/6108/748607DD.66194 just before unpacking extra message parts What could be causing this and is it related to my email delivery problems. It was reported to me by one of our users that there seem to be long delays in email delivery. When checking mx10.twu.ca this morning I grepped the logs for 'New Batch' and though it was reporting that messages were being found and processed and the number of new messages changed regulary at the time I checked this morning it was reporting about 800+ messages being found. After the report I received I checked again and see that there are now 1700+ plus new message found and the number keeps increasing. PS does not report any orphaned or defnct processes and I can find any errors in the other system logs. Richard Edge Senior Systems Administrator | Technology Services Trinity Western University | t: 604.513.2089 f: 604.513.2038 | e: edge@twu.ca | www.twu.ca/technology -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 4610 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060222/b1607653/smime.bin From pete at enitech.com.au Wed Feb 22 21:41:27 2006 From: pete at enitech.com.au (Peter Russell) Date: Wed Feb 22 21:41:42 2006 Subject: MailScanner, postfix and exchange server as a gateway - try these In-Reply-To: <223f97700602220547m74f7834fr@mail.gmail.com> References: <43FAFB76.8090708@nmc.abacus.com.my> <000801c636dd$276f0f60$3004010a@martinhlaptop> <1140528262.8711.125.camel@localhost.localdomain> <43FC4563.4090909@enitech.com.au> <223f97700602220547m74f7834fr@mail.gmail.com> Message-ID: <43FCDA87.2060504@enitech.com.au> Cool thanks the reason i didnt was cos i cant really host the files anywhere reliable - solved, i will put itt in before the weekend. Pete Glenn Steen wrote: > Five words for you Pete... Put it in the wiki;-). > You should be able to upload the scripts (image or other file) too. > > -- Glenn > > On 22/02/06, Pete Russell wrote: > >>The postfix method of recipient list is superior to milterahead in that >>it doesnt rely on Exchange being up to function correctly, therefore it >>reduces the functionality of your gateway. IMO >> >>Please find attched the script we plodded from some one else, fixed it >>up and used oursewlves. >> >>1. It queries AD for ALL of the possible SMTP address for every user in >>the specified domain. >>2. Check that you havent tried to create an empty file (nothing worse >>than a 0byte recipiuent map) >>3. Writes the recipient map and runs postmap. >>4. emails you any error messages so you know what the script is failing. >> >>Simply add the lines to main.cf (we use multiple maps) >> >>relay_recipient_maps = hash:/etc/postfix/1-relay_recipients, >> hash:/etc/postfix/2-relay_recipients, >> >>I have the scripts attached to queries Lotus Domino (we use R5) and MS >>AD (we use 2003) >> >>You can see in the script its a sinmple matter to create ANY variation, >>or use regexp to write your maps to cover all the possible valid >>username variations for your company. >> >>Obviously since we made these i have been looking at using regexp, which >>would make easy work of combining heaps of this script into something >>much smaller/smarter. >> >>Hope it helps someone >> >> >>Steve Freegard wrote: >> >>>On Tue, 2006-02-21 at 11:51 +0000, Martin Hepworth wrote: >>> >>> >>>>For my view, better the devil you know...both are valid, as is exim or >>>>qmail. >>> >>> >>>Indeed - for Exim users - this: >>>http://www.exim.org/mail-archives/exim-users/Week-of-Mon-20040816/msg00126.html might be a good alternative. >>> >>> >>> >>>>For sendmail you'll need to configure milter-ahead, see this.. >>>>http://www.fsl.com/support/Milter-Ahead-Exchange-Settings.pdf >>> >>> >>>Note that milter-ahead will only work correctly with Exchange 2003 as >>>it's the only version of Exchange that can be configured to actually >>>*reject* invalid users. >>> >>>Otherwise you have to fall back on the Postfix-style method and create a >>>valid user list. >>> >>>Cheers, >>>Steve. >>> >> >> >>#!/usr/bin/perl -w >> >># LOTUS DOMINO LDAP DIRECTORY - USERNAMES >># This script will pull all users' SMTP addresses from your Lotus Domino Directory >># and list them in the # format "user@example.com OK" which Postfix uses with >># relay_recipient_maps. >># Be sure to double-check the path to perl above. >> >># This requires Net::LDAP to be installed. To install Net::LDAP, at a shell >># type "perl -MCPAN -e shell" and then "install Net::LDAP" >> >>use Net::LDAP; >>use Mail::Mailer; >>use Fcntl qw(:DEFAULT :flock); >> >># Enter the path to your Postfix relay_recipient_maps file >>$RelayRecipientMaps = '/etc/postfix/1-relay_recipients'; >>$RecipientMaps = '1-relay_recipients'; >># Script Number >>$sno="Script 1"; >> >># enter the path to the postmap command (or you MTAs equivelent) >>$PostmapPath = "/usr/sbin/postmap"; >># Enter the path to your log >>$HistoryLog = '/etc/postfix/.1-ldap_count'; >> >># Enter the tmp file path >>$RandomValue = rand(9999) * rand(9999); >>$TmpFile = '/etc/postfix/.1-ldap_tmp' . "$$" . ".$RandomValue"; >>if (-e $TmpFile) { >> # Something fishy is going on. Try another file name. >> $RandomValue = rand(9999999) * rand(9999999); >> $TmpFile = '/usr/local/etc/postfix/.1-ldap_tmp' . "$$" . ".$RandomValue"; >> if (-e $TmpFile) { >> &ErrorLog("$sno - Temp file creation failed", "The tmp file $TmpFile already exists after two attempts at different file names. Update aborted."); >> } >>} >> >># Enter the maximum variances permitted before the script will fai >>$UCD="50"; >> >># Enter the FQDN of your Lotus Domino Directory below >>$dc1="notes.domain.com"; >>$dc2="10.1.10.4"; >> >># Enter the LDAP container for your userbase. >># The syntax is CN=Users,dc=example,dc=com >># This can be found by installing the Windows 2000 Support Tools >># then running ADSI Edit. >># I use Softerra LDAP Browser to nav the LDAP tree and work out base, >># username etc. >># LDAP://domaincontroller1.example.com/CN=Users,DC=example,DC=com >># which would be $hqbase="cn=Users,dc=example,dc=com" >>$hqbase="o=Domain"; >> >># Enter the username & password for a valid user in your Domino Directory >># with username in the form cn=username >># Make sure the user's password does not expire. Note that this user >># does not require any special privileges. >># You can double-check this by typing the Internet Password >># in the users person doc. >># LDAP://domaincontroller1.example.com/CN=user,CN=Users,DC=example,DC=com >># which would be $user="cn=user,cn=Users,dc=example,dc=com" >>$user="cn=Administrator"; >>$passwd="password"; >> >># Enter the domain you want to append to your groupnames. >># we implemented this so we could write maps that included new subdomains etc >># that didnt appear in person doc info. (Global Domain docs) >> >>$domain1="domain1.com.au"; >>$domain2="sub.domain1.com.au"; >>$domain3="domain1.edu.au"; >> >># Postmaster email address - send all error messages here. >>$postmaster='prussell@domain1.com.au'; >> >># That's it, you're done. (Unless you want to play with the LDAP filters below). >> >> >> >> >># TAB/SPACE you want to use to seperate the >># email address and the permission eg prussell@domain1.com TAB/SPACE OK >> >>$sep="\t"; >> >># Type of permission, eg REJECT or OK >>$perm="OK"; >># Connecting to Lotus Domino Directory >>$noldapserver=0; >>$ldap = Net::LDAP->new($dc1) or >> $noldapserver=1; >>if ($noldapserver == 1) { >> $ldap = Net::LDAP->new($dc2) or &ErrorLog("$sno - No LDAP Server", "Cannot Access the LDAP server $dc2"); >>} >> >>$mesg = $ldap->bind ( dn => $user, password =>$passwd); >> >>if ( $mesg->code()) { >> &ErrorLog("Bad Password", "The password was invalid. Updated aborted."); >>} >> >>$searchbase = $hqbase; >> >># Searching for users that are mail-enabled >>$mesg = $ldap->search (base => $searchbase, >> filter => "(|(givenname=*)(sn=*)(shortname=*))", >> attrs => "mail"); >> >>$entries = $mesg->count; >> >>if ($entries lt 1) { >># die ($errormail); >> &ErrorLog("$sno - No LDAP queries matched your search", "No data was returned. Updated aborted"); >> #die ("error:", Connection to LDAP successfull. But nothing matched your search criteria"\n"); >>} >> >>my $UserCount = 0; >>open(OUT,">$TmpFile"); >>flock(OUT, LOCK_EX); >># Filtering results for name variations. >>foreach my $entry ( $mesg->entries ) { >> $UserCount++; >> >> # SHORT NAME VARIATIONS - This will collect ALL shortnames for all users. >> # prussell@, pruss@, pete@, russell@ >> foreach my $tmp ( $entry->get_value( "shortname" ) ) { >> print OUT $tmp."\@$domain1$sep$perm\n"; >> print OUT $tmp."\@$domain2$sep$perm\n"; >> print OUT $tmp."\@$domain3$sep$perm\n"; >> >> # First initial.lastname $tmp >> # p.russell@ >> ($firstchar,$therest) = split(//,$tmp,2); >> $userwithdot = "$firstchar.$therest"; >> print OUT $userwithdot."\@$domain1$sep$perm\n"; >> print OUT $userwithdot."\@$domain2$sep$perm\n"; >> } >> >> # FULL NAME >> # pete.russell@ >> $sn = $entry->get_value( "sn" ); >> $fn = $entry->get_value( "givenname" ); >> print OUT "$fn.$sn\@$domain1$sep$perm\n"; >> print OUT "$fn.$sn\@$domain2$sep$perm\n"; >>} >>#close(OUT); >>flock(OUT, LOCK_UN); >>close(OUT); >> >># Unbinding >>$ldap->unbind; >> >>if (!(-e $HistoryLog)) { >> # first time run, or someone erased our count file >># system("/usr/bin/touch","$HistoryLog"); >>system("/bin/echo 0 > $HistoryLog"); >>} >>open(COUNT,"$HistoryLog") or &ErrorLog("$sno - History Log", "Unable to open $HistoryLog for reading: $!"); >>$CountLine = ; >>chomp($CountLine); >>if ($CountLine =~ /^(?:\d+)$/) { >> if ($CountLine - $UserCount > $UCD) { >> &ErrorLog("$sno - Results are down by $UCD", "Possible export corruption"); >> } >>} else { &ErrorLog("$sno - Count file is corrupt", "LastCount file is corrupt"); } >>close(COUNT); >> >>open(COUNT,">$HistoryLog") or &ErrorLog("History Log", "Unable to open $HistoryLog for writing: $!"); >>seek(COUNT, 0, 0); >>print COUNT "$UserCount\n"; >>close(COUNT); >> >> >>if (-e "$RelayRecipientMaps") { >> if (-e "$RelayRecipientMaps.backup") { >> unlink("$RelayRecipientMaps.backup"); >> } >>} >> >>system("/bin/cat $TmpFile > /usr/local/postfix/$RecipientMaps"); >>system("/bin/mv","$TmpFile","$RelayRecipientMaps"); >>system("$PostmapPath","$RelayRecipientMaps"); >>exit; >> >> >>sub ErrorLog { >> $Subject = "$_[0]"; >> $Message = "$_[1]"; >> >> my $mail = Mail::Mailer->new("sendmail"); >> $mail->open({ >> "From" => "$sno ", >> "To" => "$postmaster", >> "Subject" => "$Subject"}); >> print $mail "$Message\n"; >> $mail->close(); >> exit; >>} >> >> >>#!/usr/bin/perl -w >> >># This script will pull all users' SMTP addresses from your Active Directory >># (including primary and secondary email addresses) and list them in the >># format "user@example.com OK" which Postfix uses with relay_recipient_maps. >># Be sure to double-check the path to perl above. >> >># This requires Net::LDAP to be installed. To install Net::LDAP, at a shell >># type "perl -MCPAN -e shell" and then "install Net::LDAP" >> >>use Net::LDAP; >>use Net::LDAP::Control::Paged; >>use Net::LDAP::Constant ( "LDAP_CONTROL_PAGED" ); >> >># Enter the path/file for the output >>$VALID = "/root/5-relay_recipients"; >>open VALID, ">$VALID" or die "CANNOT OPEN $VALID $!"; >> >>$RecipientMaps = '5-relay_recipients'; >> >># Enter the FQDN of your Active Directory domain controllers below >>$dc1="10.1.10.8"; >>$dc2="10.2.2.32"; >> >># Enter the LDAP container for your userbase. >># The syntax is CN=Users,dc=mbs,dc=edu >># This can be found by installing the Windows 2000 Support Tools >># then running ADSI Edit. >># In ADSI Edit, expand the "Domain NC [domaincontroller1.example.com]" & >># you will see, for example, DC=example,DC=com (this is your base). >># The Users Container will be specified in the right pane as >># CN=Users depending on your schema (this is your container). >># You can double-check this by clicking "Properties" of your user >># folder in ADSI Edit and examining the "Path" value, such as: >># LDAP://domaincontroller1.example.com/CN=Users,DC=example,DC=com >># which would be $hqbase="cn=Users,dc=example,dc=com" >># Note: You can also use just $hqbase="dc=example,dc=com" >>$hqbase="dc=domain,dc=local"; >> >># Enter the username & password for a valid user in your Active Directory >># with username in the form cn=username,cn=Users,dc=example,dc=com >># Make sure the user's password does not expire. Note that this user >># does not require any special privileges. >># You can double-check this by clicking "Properties" of your user in >># ADSI Edit and examining the "Path" value, such as: >># LDAP://domaincontroller1.example.com/CN=user,CN=Users,DC=example,DC=com >># which would be $user="cn=user,cn=Users,dc=example,dc=com" >># Note: You can also use the UPN login: "user\@example.com" >>$user="CN=grice,OU=Public Accounts,OU=Enterprise,DC=domain,DC=local"; >>$passwd="password"; >> >># Connecting to Active Directory domain controllers >>$noldapserver=0; >>$ldap = Net::LDAP->new($dc1) or >> $noldapserver=1; >>if ($noldapserver == 1) { >> $ldap = Net::LDAP->new($dc2) or >> die "Error connecting to specified domain controllers $@ \n"; >>} >> >>$mesg = $ldap->bind ( dn => $user, >> password =>$passwd); >>if ( $mesg->code()) { >> die ("error:", $mesg->code(),"\n"); >>} >> >># How many LDAP query results to grab for each paged round >># Set to under 1000 for Active Directory >>$page = Net::LDAP::Control::Paged->new( size => 990 ); >> >>@args = ( base => $hqbase, >># Play around with this to grab objects such as Contacts, Public Folders, etc. >># A minimal filter for just users with email would be: >># filter => "(&(sAMAccountName=*)(mail=*))" >> filter => "(& (mailnickname=*) (| (&(objectCategory=person) >> (objectClass=user)(!(homeMDB=*))(!(msExchHomeServerName=*))) >> (&(objectCategory=person)(objectClass=user)(|(homeMDB=*) >> (msExchHomeServerName=*)))(&(objectCategory=person)(objectClass=contact)) >> (objectCategory=group)(objectCategory=publicFolder) ))", >> control => [ $page ], >> attrs => "proxyAddresses", >>); >> >>my $cookie; >>while(1) { >> # Perform search >> my $mesg = $ldap->search( @args ); >> >># Filtering results for proxyAddresses attributes >> foreach my $entry ( $mesg->entries ) { >> my $name = $entry->get_value( "cn" ); >> # LDAP Attributes are multi-valued, so we have to print each one. >> foreach my $mail ( $entry->get_value( "proxyAddresses" ) ) { >> # Test if the Line starts with one of the following lines: >> # proxyAddresses: [smtp|SMTP]: >> # and also discard this starting string, so that $mail is only the >> # address without any other characters... >> if ( $mail =~ s/^(smtp|SMTP)://gs ) { >> print VALID $mail." \t OK\n"; >> } >> } >> } >> >> # Only continue on LDAP_SUCCESS >> $mesg->code and last; >> >> # Get cookie from paged control >> my($resp) = $mesg->control( LDAP_CONTROL_PAGED ) or last; >> $cookie = $resp->cookie or last; >> >> # Set cookie in paged control >> $page->cookie($cookie); >>} >> >>if ($cookie) { >> # We had an abnormal exit, so let the server know we do not want any more >> $page->cookie($cookie); >> $page->size(0); >> $ldap->search( @args ); >> # Also would be a good idea to die unhappily and inform OP at this point >> die("LDAP query unsuccessful"); >>} >># Add additional restrictions, users, etc. to the output file below. >>#print VALID "user\@domain1.com OK\n"; >>#print VALID "user\@domain2.com 550 User unknown.\n"; >>#print VALID "domain3.com 550 User does not exist.\n"; >> >>close VALID; >>system("/bin/cat $VALID > /usr/postfix/$RecipientMaps"); >>system("/usr/sbin/postmap","$VALID"); >> >> >> >>-- >>MailScanner mailing list >>mailscanner@lists.mailscanner.info >>http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >>Before posting, read http://wiki.mailscanner.info/posting >> >>Support MailScanner development - buy the book off the website! >> >> >> > > > > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se From pete at enitech.com.au Wed Feb 22 21:43:06 2006 From: pete at enitech.com.au (Peter Russell) Date: Wed Feb 22 21:43:16 2006 Subject: MailScanner, postfix and exchange server as a gateway - try these In-Reply-To: <200602260601.WAA14084@sheridan.sibble.net> References: <43FC4563.4090909@enitech.com.au> <200602260601.WAA14084@sheridan.sibble.net> Message-ID: <43FCDAEA.8030104@enitech.com.au> Is it LDAP based? If so then it should be EASY. Have a look at the Domino script i posted, look at the lines that do the filtering. Go and get and LDAP browser tool with a gui, like softera LDAP browser and go and look at your directory for the name of the field you neeed to filter and replace the line in the script. Harondel J. Sibble wrote: > Anyone got a script modified to work with Samsung Contact 8.x? Our SC box > behind mailscanner already rejects email for non-existant users, but that's > after the MS relay tries to deliver it to the SC machine. I'd love to have > the MS machine drop those connections... > > On 22 Feb 2006 at 14:47, Glenn Steen wrote: > > >>Five words for you Pete... Put it in the wiki;-). >>You should be able to upload the scripts (image or other file) too. >> >>-- Glenn >> >>On 22/02/06, Pete Russell wrote: >> >>>The postfix method of recipient list is superior to milterahead in that >>>it doesnt rely on Exchange being up to function correctly, therefore it >>>reduces the functionality of your gateway. IMO >>> >>>Please find attched the script we plodded from some one else, fixed it >>>up and used oursewlves. >>> >>>1. It queries AD for ALL of the possible SMTP address for every user in >>>the specified domain. > > From mrm at medicine.wisc.edu Wed Feb 22 22:04:10 2006 From: mrm at medicine.wisc.edu (Michael Masse) Date: Wed Feb 22 22:04:31 2006 Subject: dropping based on attachment code signatures Message-ID: >>> MailScanner@ecs.soton.ac.uk 2/22/2006 10:29:04 AM >>> -----BEGIN PGP SIGNED MESSAGE----- Please define "code signature". >>>>> Sorry I wasn't clear. If an attachment has a specified code segment I'd like to be able to not deliver the email. For example, .wmf files can easily be renamed to .jpg, yet if you double click on them they run as wmf files. MS has issued a patch for this, but before they did it was nice to have a filter in place to strip these attachments out. The procmail filter I used to do this used the od program to check the first 4 bytes of every attachment for the string 9ac6cdd7 and if found it's a wmf file and therefore the email is not delivered. I was just wondering if it's possible to do similar operations in MS not so much for current exploits, but future ones if needed, primarily due to lag time between when an exploit is exposed to the wild and the time it takes for patches and anti-virus vendors to recognize the exploit. Mike From alex at nkpanama.com Wed Feb 22 22:14:52 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Wed Feb 22 22:14:57 2006 Subject: dropping based on attachment code signatures In-Reply-To: References: Message-ID: <43FCE25C.1020905@nkpanama.com> Have you tried using the "file" command and editing the "magic" file, then adding a rule to filetype.rules? Michael Masse wrote: > >>>> MailScanner@ecs.soton.ac.uk 2/22/2006 10:29:04 AM >>> >>>> > -----BEGIN PGP SIGNED MESSAGE----- > > Please define "code signature". > > > > Sorry I wasn't clear. If an attachment has a specified code segment I'd like to be able to not deliver the email. For example, .wmf files can easily be renamed to .jpg, yet if you double click on them they run as wmf files. MS has issued a patch for this, but before they did it was nice to have a filter in place to strip these attachments out. The procmail filter I used to do this used the od program to check the first 4 bytes of every attachment for the string 9ac6cdd7 and if found it's a wmf file and therefore the email is not delivered. I was just wondering if it's possible to do similar operations in MS not so much for current exploits, but future ones if needed, primarily due to lag time between when an exploit is exposed to the wild and the time it takes for patches and anti-virus vendors to recognize the exploit. > > Mike > > > -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060222/fe08f446/attachment.html From Chris.Russell at knowledgeit.co.uk Wed Feb 22 23:25:24 2006 From: Chris.Russell at knowledgeit.co.uk (Chris Russell) Date: Wed Feb 22 23:26:03 2006 Subject: {Dangerous Filename?} RE: MailScanner can't keep up References: <20060222180643.11489.qmail@web52901.mail.yahoo.com><1638CDD827D 51E4D8E9B2741290E1C91070675@xcelsior> <43FCB66F.5070504@ecs.soton.ac.uk> Message-ID: <1638CDD827D51E4D8E9B2741290E1C91070676@xcelsior> An embedded message was scrubbed... From: "Chris Russell" Subject: RE: {Dangerous Filename?} RE: MailScanner can't keep up Date: Wed, 22 Feb 2006 23:25:24 -0000 Size: 6653 Url: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060222/d0d88cfc/originalmail.eml -------------- next part -------------- The contents of this e-mail may be privileged and are confidential. It may not be disclosed to or used by anyone other than the addressee(s), nor copied in any way. Any views or opinions presented are solely those of the author and do not necessarily represent those of Knowledge Limited. If received in error, please advise the sender, then delete it from your system. From mrm at medicine.wisc.edu Thu Feb 23 00:33:15 2006 From: mrm at medicine.wisc.edu (Michael Masse) Date: Thu Feb 23 00:33:56 2006 Subject: dropping based on attachment code signatures Message-ID: That works perfectly. Thanks for the tip. I just didn't know what to search for is all. Mike >>> alex@nkpanama.com 2/22/2006 4:14:52 PM >>> Have you tried using the "file" command and editing the "magic" file, then adding a rule to filetype.rules? Michael Masse wrote: > >>>> MailScanner@ecs.soton.ac.uk 2/22/2006 10:29:04 AM >>> >>>> > -----BEGIN PGP SIGNED MESSAGE----- > > Please define "code signature". > > > > Sorry I wasn't clear. If an attachment has a specified code segment I'd like to be able to not deliver the email. For example, .wmf files can easily be renamed to .jpg, yet if you double click on them they run as wmf files. MS has issued a patch for this, but before they did it was nice to have a filter in place to strip these attachments out. The procmail filter I used to do this used the od program to check the first 4 bytes of every attachment for the string 9ac6cdd7 and if found it's a wmf file and therefore the email is not delivered. I was just wondering if it's possible to do similar operations in MS not so much for current exploits, but future ones if needed, primarily due to lag time between when an exploit is exposed to the wild and the time it takes for patches and anti-virus vendors to recognize the exploit. > > Mike > > > -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ From terry at hankyu.com.hk Thu Feb 23 01:34:20 2006 From: terry at hankyu.com.hk (Terry WONG/ Hankyu HKG) Date: Thu Feb 23 01:30:41 2006 Subject: Email missing for some of recipients Message-ID: <00af01c63819$46e2e2d0$8d00a8c0@HITHKG.hankyu.com.hk> Hello, I'm using Mailscanner 4.40.11-1 on Redhat Linux 9. I often having trouble on lost email messages. Usually the email will be send to several users and CC several users too. I saw in the Mailwatch showing the message were successfully deliver to those users. However, some users complains they haven't got such message while some of them have. I suspect this situation was caused by the Mailscanner overloaded. Would anyone having the same problem could give me some hints to solve this problem? Thanks!! Best Regards, Terry WONG -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060223/e562071d/attachment.html From ecj at telpacific.com.au Thu Feb 23 02:16:17 2006 From: ecj at telpacific.com.au (ecj@telpacific.com.au) Date: Thu Feb 23 02:16:55 2006 Subject: redirecting In-Reply-To: <43FC622A.9020500@nkpanama.com> References: <2734.203.88.231.77.1140574299.squirrel@203.88.231.77> <625385e30602220107u5c6d5a9aj91c846de9a84e86c@mail.gmail.com> <43FC622A.9020500@nkpanama.com> Message-ID: <1741.203.88.231.77.1140660977.squirrel@203.88.231.77> Thanks for the reply guys. What I want to do is make the filtering on the server side. I'm running imap so like yahoo/hotmail, junk emails will automatically go to their 'junk' folder and users can access them either with their client using IMAP or webmail. So what do you think is better to do: 1. Just prepend the subject with like: Subject: Probable Spam 2. Add an extra header like: X-Spam = Y/N Then in either way, emails will be scanned and if found to be spam, will go to the junk folder. So you think the best way to filter this is thru procmail? Oh wait, I'm using MySQL to auth users BTW. Cheers. Edward > You may also be able to do this with MailScanner + a procmail script > (someone please correct/enlighten me about something like this). > > Now that I think of it, could someone post a procmail recipe (or help > with googling one from somewhere) that would automagically put > everything that MailScanner marks as SPAM into a Junk folder? > > shuttlebox wrote: >> On 2/22/06, *ecj@telpacific.com.au * >> > wrote: >> >> Hello all. It's my first post. >> I haven't read all the docs on MailScanner yet because I want to >> make sure >> that what I am planning to do is possible. I've just been on this >> job for >> almost a month and I was assigned this project. What my boss wants >> is to >> redirect all spam mails intended for a select list of users' 'junk >> folder.' Much the same way as Yahoo and Hotmail. >> Can this be done thru MailScanner? >> Sorry again. I just need a quick answer before I delve into the >> mailing >> list archives and documentations. >> >> >> If you mean a local junk folder in your mail client you need to set it >> up with a filter, all mail clients can do that (Outlook/Thunderbird >> and so on). MailScanner can add X-headers and/or changes in the >> subject line ({Spam?} at the start) for it to trigger on. You can also >> sort on spam score. >> >> -- >> /peter > > -- > > Alex Neuman van der Hans > N&K Technology Consultants > Tel. +507 214-9002 - http://nkpanama.com/ > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From alex at nkpanama.com Thu Feb 23 03:07:40 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Thu Feb 23 03:07:53 2006 Subject: dropping based on attachment code signatures In-Reply-To: References: Message-ID: <43FD26FC.7090207@nkpanama.com> Glad to help. Michael Masse wrote: > That works perfectly. Thanks for the tip. I just didn't know what to search for is all. > > Mike > > > >>>> alex@nkpanama.com 2/22/2006 4:14:52 PM >>> >>>> > Have you tried using the "file" command and editing the "magic" file, > then adding a rule to filetype.rules? > > Michael Masse wrote: > >> >> >>>>> MailScanner@ecs.soton.ac.uk 2/22/2006 10:29:04 AM >>> >>>>> >>>>> >> -----BEGIN PGP SIGNED MESSAGE----- >> >> Please define "code signature". >> >> >> >> Sorry I wasn't clear. If an attachment has a specified code segment I'd like to be able to not deliver the email. For example, .wmf files can easily be renamed to .jpg, yet if you double click on them they run as wmf files. MS has issued a patch for this, but before they did it was nice to have a filter in place to strip these attachments out. The procmail filter I used to do this used the od program to check the first 4 bytes of every attachment for the string 9ac6cdd7 and if found it's a wmf file and therefore the email is not delivered. I was just wondering if it's possible to do similar operations in MS not so much for current exploits, but future ones if needed, primarily due to lag time between when an exploit is exposed to the wild and the time it takes for patches and anti-virus vendors to recognize the exploit. >> >> Mike >> >> >> >> > > -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060222/091db008/attachment.html From alex at nkpanama.com Thu Feb 23 03:10:06 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Thu Feb 23 03:10:11 2006 Subject: Email missing for some of recipients In-Reply-To: <00af01c63819$46e2e2d0$8d00a8c0@HITHKG.hankyu.com.hk> References: <00af01c63819$46e2e2d0$8d00a8c0@HITHKG.hankyu.com.hk> Message-ID: <43FD278E.6070001@nkpanama.com> You need to give more details, log snippets, etc... *http://www.catb.org/~esr/faqs/smart-questions.html* Terry WONG/ Hankyu HKG wrote: > Hello, > I'm using Mailscanner 4.40.11-1 on Redhat Linux 9. I often having > trouble on lost email messages. Usually the email will be send to > several users and CC several users too. I saw in the Mailwatch showing > the message were successfully deliver to those users. However, some > users complains they haven't got such message while some of them have. > I suspect this situation was caused by the Mailscanner overloaded. > Would anyone having the same problem could give me some hints to solve > this problem? Thanks!! > Best Regards, > Terry WONG -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060222/8e3efcdd/attachment.html From alex at nkpanama.com Thu Feb 23 03:11:10 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Thu Feb 23 03:11:16 2006 Subject: redirecting In-Reply-To: <1741.203.88.231.77.1140660977.squirrel@203.88.231.77> References: <2734.203.88.231.77.1140574299.squirrel@203.88.231.77> <625385e30602220107u5c6d5a9aj91c846de9a84e86c@mail.gmail.com> <43FC622A.9020500@nkpanama.com> <1741.203.88.231.77.1140660977.squirrel@203.88.231.77> Message-ID: <43FD27CE.9050401@nkpanama.com> I'm working on the procmail script. I'll keep you posted. ecj@telpacific.com.au wrote: > Thanks for the reply guys. What I want to do is make the filtering on the > server side. I'm running imap so like yahoo/hotmail, junk emails will > automatically go to their 'junk' folder and users can access them either > with their client using IMAP or webmail. > So what do you think is better to do: > 1. Just prepend the subject with like: Subject: Probable Spam Subject> > 2. Add an extra header like: X-Spam = Y/N > Then in either way, emails will be scanned and if found to be spam, will > go to the junk folder. > So you think the best way to filter this is thru procmail? Oh wait, I'm > using MySQL to auth users BTW. > > Cheers. > Edward > > > >> You may also be able to do this with MailScanner + a procmail script >> (someone please correct/enlighten me about something like this). >> >> Now that I think of it, could someone post a procmail recipe (or help >> with googling one from somewhere) that would automagically put >> everything that MailScanner marks as SPAM into a Junk folder? >> >> shuttlebox wrote: >> >>> On 2/22/06, *ecj@telpacific.com.au * >>> > wrote: >>> >>> Hello all. It's my first post. >>> I haven't read all the docs on MailScanner yet because I want to >>> make sure >>> that what I am planning to do is possible. I've just been on this >>> job for >>> almost a month and I was assigned this project. What my boss wants >>> is to >>> redirect all spam mails intended for a select list of users' 'junk >>> folder.' Much the same way as Yahoo and Hotmail. >>> Can this be done thru MailScanner? >>> Sorry again. I just need a quick answer before I delve into the >>> mailing >>> list archives and documentations. >>> >>> >>> If you mean a local junk folder in your mail client you need to set it >>> up with a filter, all mail clients can do that (Outlook/Thunderbird >>> and so on). MailScanner can add X-headers and/or changes in the >>> subject line ({Spam?} at the start) for it to trigger on. You can also >>> sort on spam score. >>> >>> -- >>> /peter >>> >> -- >> >> Alex Neuman van der Hans >> N&K Technology Consultants >> Tel. +507 214-9002 - http://nkpanama.com/ >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> > > > -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060222/2ce5d58a/attachment.html From alex at nkpanama.com Thu Feb 23 03:47:16 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Thu Feb 23 03:47:32 2006 Subject: redirecting In-Reply-To: <43FD27CE.9050401@nkpanama.com> References: <2734.203.88.231.77.1140574299.squirrel@203.88.231.77> <625385e30602220107u5c6d5a9aj91c846de9a84e86c@mail.gmail.com> <43FC622A.9020500@nkpanama.com> <1741.203.88.231.77.1140660977.squirrel@203.88.231.77> <43FD27CE.9050401@nkpanama.com> Message-ID: <43FD3044.7030005@nkpanama.com> I think it would be something like: :0: * ^X-Spam-Status: yes $HOME/mail/Junk\ E-mail But maybe that means that if someone even *mentions* "X-Spam-Status: yes" in the body of a message, it'll get flagged. Any suggestions? Alex Neuman van der Hans wrote: > I'm working on the procmail script. I'll keep you posted. > > > ecj@telpacific.com.au wrote: >> Thanks for the reply guys. What I want to do is make the filtering on the >> server side. I'm running imap so like yahoo/hotmail, junk emails will >> automatically go to their 'junk' folder and users can access them either >> with their client using IMAP or webmail. >> So what do you think is better to do: >> 1. Just prepend the subject with like: Subject: Probable Spam > Subject> >> 2. Add an extra header like: X-Spam = Y/N >> Then in either way, emails will be scanned and if found to be spam, will >> go to the junk folder. >> So you think the best way to filter this is thru procmail? Oh wait, I'm >> using MySQL to auth users BTW. >> >> Cheers. >> Edward >> >> >> >>> You may also be able to do this with MailScanner + a procmail script >>> (someone please correct/enlighten me about something like this). >>> >>> Now that I think of it, could someone post a procmail recipe (or help >>> with googling one from somewhere) that would automagically put >>> everything that MailScanner marks as SPAM into a Junk folder? >>> >>> shuttlebox wrote: >>> >>>> On 2/22/06, *ecj@telpacific.com.au * >>>> > wrote: >>>> >>>> Hello all. It's my first post. >>>> I haven't read all the docs on MailScanner yet because I want to >>>> make sure >>>> that what I am planning to do is possible. I've just been on this >>>> job for >>>> almost a month and I was assigned this project. What my boss wants >>>> is to >>>> redirect all spam mails intended for a select list of users' 'junk >>>> folder.' Much the same way as Yahoo and Hotmail. >>>> Can this be done thru MailScanner? >>>> Sorry again. I just need a quick answer before I delve into the >>>> mailing >>>> list archives and documentations. >>>> >>>> >>>> If you mean a local junk folder in your mail client you need to set it >>>> up with a filter, all mail clients can do that (Outlook/Thunderbird >>>> and so on). MailScanner can add X-headers and/or changes in the >>>> subject line ({Spam?} at the start) for it to trigger on. You can also >>>> sort on spam score. >>>> >>>> -- >>>> /peter >>>> >>> -- >>> >>> Alex Neuman van der Hans >>> N&K Technology Consultants >>> Tel. +507 214-9002 - http://nkpanama.com/ >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >>> >> >> >> > > -- > > Alex Neuman van der Hans > N&K Technology Consultants > Tel. +507 214-9002 - http://nkpanama.com/ -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060222/960c393c/attachment.html From richard.siddall at elirion.net Thu Feb 23 04:01:38 2006 From: richard.siddall at elirion.net (Richard Siddall) Date: Thu Feb 23 04:02:19 2006 Subject: redirecting In-Reply-To: <43FD3044.7030005@nkpanama.com> References: <2734.203.88.231.77.1140574299.squirrel@203.88.231.77> <625385e30602220107u5c6d5a9aj91c846de9a84e86c@mail.gmail.com> <43FC622A.9020500@nkpanama.com> <1741.203.88.231.77.1140660977.squirrel@203.88.231.77> <43FD27CE.9050401@nkpanama.com> <43FD3044.7030005@nkpanama.com> Message-ID: <43FD33A2.6090305@elirion.net> Alex Neuman van der Hans wrote: > I think it would be something like: > > :0: > * ^X-Spam-Status: yes > $HOME/mail/Junk\ E-mail > > But maybe that means that if someone even *mentions* "X-Spam-Status: > yes" in the body of a message, it'll get flagged. Any suggestions? > If I'm reading Martin McCarthy's "The Procmail Companion" correctly, just put an H in the colon line: :0 H: I haven't tested this. Regards, Richard Siddall From terry at hankyu.com.hk Thu Feb 23 04:24:52 2006 From: terry at hankyu.com.hk (Terry WONG/ Hankyu HKG) Date: Thu Feb 23 04:21:17 2006 Subject: Email missing for some of recipients References: <00af01c63819$46e2e2d0$8d00a8c0@HITHKG.hankyu.com.hk> <43FD278E.6070001@nkpanama.com> Message-ID: <011101c63831$1b1fa710$8d00a8c0@HITHKG.hankyu.com.hk> For example, below email sends to several users. the address matthaus@hankyu.com.hk can't get the email while others can. I have looked at the email log but can't find any details. Maillog details ========== Feb 21 12:30:17 hitmail sendmail[16973]: k1L4UHtf016973: Milter: no active filter Feb 21 12:30:17 hitmail sendmail[16973]: k1L4UHtf016973: --- 220 hitmail.hankyu.com.hk ESMTP Sendmail 8.12.8/8.12.8; Tue, 21 Feb 2006 12:30:17 +0800 Feb 21 12:30:17 hitmail sendmail[16973]: k1L4UHtf016973: <-- EHLO mail.taiyoink.com.hk Feb 21 12:30:17 hitmail sendmail[16973]: k1L4UHtf016973: --- 250-hitmail.hankyu.com.hk Hello mail.taiyoink.com.hk [210.177.117.77], pleased to meet you Feb 21 12:30:17 hitmail sendmail[16973]: k1L4UHtf016973: --- 250-ENHANCEDSTATUSCODES Feb 21 12:30:17 hitmail sendmail[16973]: k1L4UHtf016973: --- 250-PIPELINING Feb 21 12:30:17 hitmail sendmail[16973]: k1L4UHtf016973: --- 250-8BITMIME Feb 21 12:30:17 hitmail sendmail[16973]: k1L4UHtf016973: --- 250-SIZE 10000000 Feb 21 12:30:17 hitmail sendmail[16973]: k1L4UHtf016973: --- 250-DSN Feb 21 12:30:17 hitmail sendmail[16973]: k1L4UHtf016973: --- 250-DELIVERBY Feb 21 12:30:17 hitmail sendmail[16973]: k1L4UHtf016973: --- 250 HELP Feb 21 12:30:17 hitmail sendmail[16973]: k1L4UHtf016973: <-- MAIL FROM: SIZE=181824 Feb 21 12:30:17 hitmail sendmail[16973]: k1L4UHtf016973: --- 250 2.1.0 ... Sender ok Feb 21 12:30:17 hitmail sendmail[16973]: k1L4UHtf016973: <-- RCPT TO: Feb 21 12:30:17 hitmail sendmail[16973]: k1L4UHtf016973: --- 250 2.1.5 ... Recipient ok Feb 21 12:30:17 hitmail sendmail[16973]: k1L4UHtf016973: <-- RCPT TO: Feb 21 12:30:17 hitmail sendmail[16973]: k1L4UHtf016973: --- 250 2.1.5 ... Recipient ok Feb 21 12:30:17 hitmail sendmail[16973]: k1L4UHtf016973: <-- RCPT TO: Feb 21 12:30:17 hitmail sendmail[16973]: k1L4UHtf016973: --- 250 2.1.5 ... Recipient ok Feb 21 12:30:17 hitmail sendmail[16973]: k1L4UHtf016973: <-- RCPT TO: Feb 21 12:30:17 hitmail sendmail[16973]: k1L4UHtf016973: --- 250 2.1.5 ... Recipient ok Feb 21 12:30:17 hitmail sendmail[16973]: k1L4UHtf016973: <-- DATA Feb 21 12:30:17 hitmail sendmail[16973]: k1L4UHtf016973: --- 354 Enter mail, end with "." on a line by itself Feb 21 12:30:17 hitmail sendmail[16973]: k1L4UHtf016973: from=, size=179432, class=0, nrcpts=4, msgid=<05C207A3DF70784A834C065B24E10F862B7E7D@exchange.taiyo.local>, proto=ESMTP, daemon=MTA, relay=mail.taiyoink.com.hk [210.177.117.77] Feb 21 12:30:17 hitmail sendmail[16973]: k1L4UHtf016973: --- 250 2.0.0 k1L4UHtf016973 Message accepted for delivery Feb 21 12:30:18 hitmail sendmail[16973]: k1L4UHtg016973: <-- QUIT Feb 21 12:30:18 hitmail sendmail[16973]: k1L4UHtg016973: --- 221 2.0.0 hitmail.hankyu.com.hk closing connection Log from Mailwatch ============== Received on: 21/02/06 12:30:21 Received by: hitmail.hankyu.com.hk Received from: 210.177.117.77 (mail.taiyoink.com.hk) ID: k1L4UHtf016973 Message Headers: Return-Path: Received: from mail.taiyoink.com.hk (mail.taiyoink.com.hk [210.177.117.77]) by hitmail.hankyu.com.hk (8.12.8/8.12.8) with ESMTP id k1L4UHtf016973; Tue, 21 Feb 2006 12:30:17 +0800 Content-class: urn:content-classes:message MIME-Version: 1.0 Subject: =?gb2312?B?MtTCMjLI1cyr0fTTzcSry8279dfKwc8=?= Content-Type: multipart/mixed; boundary="----_=_NextPart_001_01C6369F.4C981C98" Disposition-Notification-To: "Valerie Zhou" X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0 Date: Tue, 21 Feb 2006 12:28:40 +0800 Message-ID: <05C207A3DF70784A834C065B24E10F862B7E7D@exchange.taiyo.local> X-MS-Has-Attach: yes X-MS-TNEF-Correlator: Thread-Topic: =?gb2312?B?MtTCMjLI1cyr0fTTzcSry8279dfKwc8=?= Thread-Index: AcXwB+tEDSN0tb5SQdOQGdoTKu6AEQUZICbgAfi5imABiDIo4AaG70fgAoTMbeA= From: "Valerie Zhou" To: =?gb2312?B?uLuw2Lmk0rU=?= Cc: "Hankyu/Joan" , "Hankyu/Matthaus" , "Hankyu/Philip" , "Hankyu/Alen" , "Uni-Top/Johnny" From: valerie@taiyoink.com.hk To: joan@hankyu.com.hk matthaus@hankyu.com.hk philip@hankyu.com.hk alen@hankyu.com.hk Subject: 2##22################## Size: 175.9Kb Virus: N Blocked File: N Other Infection: N Report: Spam: N Action(s): deliver High Scoring Spam: N Listed in RBL: N Whitelisted: N Blacklisted: N SpamAssassin Spam: N SpamAssassin Score: 0.00 Spam Report: Archive: Best Regards, Terry WONG ----- Original Message ----- From: Alex Neuman van der Hans To: MailScanner discussion Sent: Thursday, February 23, 2006 11:10 AM Subject: Re: Email missing for some of recipients You need to give more details, log snippets, etc... http://www.catb.org/~esr/faqs/smart-questions.html Terry WONG/ Hankyu HKG wrote: Hello, I'm using Mailscanner 4.40.11-1 on Redhat Linux 9. I often having trouble on lost email messages. Usually the email will be send to several users and CC several users too. I saw in the Mailwatch showing the message were successfully deliver to those users. However, some users complains they haven't got such message while some of them have. I suspect this situation was caused by the Mailscanner overloaded. Would anyone having the same problem could give me some hints to solve this problem? Thanks!! Best Regards, Terry WONG -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ ------------------------------------------------------------------------------ -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060223/a34189f2/attachment.html From mailstodevi at yahoo.com Thu Feb 23 04:33:05 2006 From: mailstodevi at yahoo.com (Devi S) Date: Thu Feb 23 04:33:08 2006 Subject: Email missing for some of recipients In-Reply-To: <00af01c63819$46e2e2d0$8d00a8c0@HITHKG.hankyu.com.hk> Message-ID: <20060223043305.6946.qmail@web50610.mail.yahoo.com> Terry WONG/ Hankyu HKG wrote: Hello, I'm using Mailscanner 4.40.11-1 on Redhat Linux 9. I often having trouble on lost email messages. Usually the email will be send to several users and CC several users too. I saw in the Mailwatch showing the message were successfully deliver to those users. However, some users complains they haven't got such message while some of them have. I suspect this situation was caused by the Mailscanner overloaded. Would anyone having the same problem could give me some hints to solve this problem? Thanks!! Terry, The same whimsical problem I am also facing. Are you using sendmail? Are your users using Microsoft Outlook 2003? These are my findings but i have not solved the problem but avoided it, 1. Mail sent in HTML format from Microsoft outlook 2003 are the candidate for these "missing mails" 2. If a mail is sent to three persons two will receive it one will not receive it 3. I stopped MailScanner and tried sending the mail, again the user who didn't receive the mail still didn't receive it. 4. The message id of these mails are very lenghty. 5. If the users send the same mail in RTF format the mails reaches the user without any issue 6. Not all mails sent in HTML format will get missed, meaning some will reach SAFELY So I advised my user group not to use HTML format while sending mails instead use RTF format. After this the situation is fairly under control. No one has complained of missing mails. But I am sure I have not solved the problem but avoided it! Regards Devi S. Our greatest glory is not in never falling- but in rising every time we fall - Confucius --------------------------------- What are the most popular cars? Find out at Yahoo! Autos -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060222/94898a7f/attachment.html From alex at nkpanama.com Thu Feb 23 04:36:45 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Thu Feb 23 04:38:06 2006 Subject: redirecting In-Reply-To: <43FD33A2.6090305@elirion.net> References: <2734.203.88.231.77.1140574299.squirrel@203.88.231.77> <625385e30602220107u5c6d5a9aj91c846de9a84e86c@mail.gmail.com> <43FC622A.9020500@nkpanama.com> <1741.203.88.231.77.1140660977.squirrel@203.88.231.77> <43FD27CE.9050401@nkpanama.com> <43FD3044.7030005@nkpanama.com> <43FD33A2.6090305@elirion.net> Message-ID: <43FD3BDD.8090203@nkpanama.com> ahhhh ... will try it today... Richard Siddall wrote: > Alex Neuman van der Hans wrote: > >> I think it would be something like: >> >> :0: >> * ^X-Spam-Status: yes >> $HOME/mail/Junk\ E-mail >> >> But maybe that means that if someone even *mentions* "X-Spam-Status: >> yes" in the body of a message, it'll get flagged. Any suggestions? >> >> > > If I'm reading Martin McCarthy's "The Procmail Companion" correctly, > just put an H in the colon line: > :0 H: > > I haven't tested this. > > Regards, > > Richard Siddall > > > -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060222/15eb8ed1/attachment.html From alex at nkpanama.com Thu Feb 23 04:38:24 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Thu Feb 23 04:40:01 2006 Subject: Email missing for some of recipients In-Reply-To: <20060223043305.6946.qmail@web50610.mail.yahoo.com> References: <20060223043305.6946.qmail@web50610.mail.yahoo.com> Message-ID: <43FD3C40.1030001@nkpanama.com> You may have compounded it by using RTF. Fortunately Julian's worked around it. Devi S wrote: > > > */Terry WONG/ Hankyu HKG /* wrote: > > Hello, > > I'm using Mailscanner 4.40.11-1 on Redhat Linux 9. I often having > trouble on lost email messages. Usually the email will be send to > several users and CC several users too. I saw in the Mailwatch > showing the message were successfully deliver to those users. > However, some users complains they haven't got such message while > some of them have. I suspect this situation was caused by the > Mailscanner overloaded. Would anyone having the same problem could > give me some hints to solve this problem? Thanks!! > > Terry, > The same whimsical problem I am also facing. Are! you using sendmail? > Are your users using Microsoft Outlook 2003? > These are my findings but i have not solved the problem but avoided it, > 1. Mail sent in HTML format from Microsoft outlook 2003 are the > candidate for these "missing mails" > 2. If a mail is sent to three persons two will receive it one will not > receive it > 3. I stopped MailScanner and tried sending the mail, again the user > who didn't receive the mail still didn't receive it. > 4. The message id of these mails are very lenghty. > 5. If the users send the same mail in RTF format the mails reaches the > user without any issue > 6. Not all mails sent in HTML format will get missed, meaning some > will reach SAFELY > > So I advised my user group not to use HTML format while sending mails > instead use RTF format. After this the situation is fairly under > control. No one has complained of missing mails. But I am su! re I > have not solved the problem but avoided it! > > > > > > > > > > > > *Regards* > > *Devi S.* > > Our greatest glory is not in never falling- but in rising every time > we fall - Confucius > > ------------------------------------------------------------------------ > > What are the most popular cars? Find out at Yahoo! Autos > -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060222/05d64665/attachment-0001.html From john at tradoc.fr Thu Feb 23 07:44:53 2006 From: john at tradoc.fr (John Wilcock) Date: Thu Feb 23 07:44:58 2006 Subject: Beta 4.51.1: "Add TNEF Contents" In-Reply-To: <43FCBBC4.5060906@ecs.soton.ac.uk> References: <43FCBBC4.5060906@ecs.soton.ac.uk> Message-ID: <43FD67F5.7070605@tradoc.fr> Julian Field wrote: > > So I'm a bit confused. With the latest MS TNEF attachments are > > > disallowed by default. > Due to a current security issue with TNEF handling in Microsoft code. > You may choose to disable this block. Hopefully Microsoft will fix this > issue pretty fast, it should be in an Office update. > > So this block is temporary, it's not intended to be permanently in there. Does the new "Add TNEF Contents" do as its name suggests, i.e. add the attachments from within the TNEF but also leave the TNEF part there? If so, how about changing things to (optionally?) *replace* the TNEF completely. That way no Microsoft code even gets to see the TNEF... John. -- -- Over 3000 webcams from ski resorts around the world - www.snoweye.com -- Translate your technical documents and web pages - www.tradoc.fr From wietse at boudisque.nl Thu Feb 23 08:28:27 2006 From: wietse at boudisque.nl (Wietse Muizelaar) Date: Thu Feb 23 08:28:37 2006 Subject: Beta 4.51.1: "Add TNEF Contents" References: <43FC9696.1030003@ecs.soton.ac.uk> Message-ID: <014201c63853$1f2a8880$1373a8c0@BOUDIEWEB10> Hi, It works for me, quite good. Only thing is, when the sender insert a picture or something as an inline object in the mail; MailScanner delevered the attachment with the filename "Untitled Attac". I guess that's because of the inline object? Regards, Wietse On Wednesday, February 22, 2006 5:51 PM, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Yay! Thankyou very much for the thorough testing. In my own tests, all > the MIME structures looked to be correct. > > I hope people find this feature useful, I know it will resolve issues > I am having with the Royal Air Force at the moment :-) > > Rick Cooper wrote: >> I did a few tests sending pure RTF from outlook and all the clients >> I tested were able to handle the attachments fine. I tested: >> >> Agent 1.9 >> Pegasus 3.2 >> Thunderbird 1.5 >> Outlook 2000 >> KMail 1.43 >> >> I did not test any other *nix clients. >> >> Rick Cooper >> >> >> >>> -----Original Message----- >>> From: mailscanner-bounces@lists.mailscanner.info >>> [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of >>> Julian Field >>> Sent: Tuesday, February 21, 2006 3:16 PM >>> To: MailScanner discussion >>> Subject: Beta 4.51.1: "Add TNEF Contents" >>> >>> >>> -----BEGIN PGP SIGNED MESSAGE----- >>> Hash: SHA1 >>> >>> I have added a new option to allow the attachments contained within >>> a Microsoft TNEF ("Outlook Rich Text Format") to be added to the >>> normal attachments contained in the message. >>> >>> This means that non-Outlook users can still read the attachments >>> put in the message by badly configured Outlook or Exchange systems. >>> >>> Please can you give this option a try. It is switched on by default. >>> >>> Thanks folks. >>> >>> - -- >>> Julian Field >>> www.MailScanner.info >>> Buy the MailScanner book at www.MailScanner.info/store >>> Professional Support Services at www.MailScanner.biz >>> MailScanner thanks transtec Computers for their support >>> >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> >>> >>> -----BEGIN PGP SIGNATURE----- >>> Version: PGP Desktop 9.0.5 (Build 5050) >>> >>> iQA/AwUBQ/t1AxH2WUcUFbZUEQI+SQCgzpVZIgJgp64WzHnTPllsjMdY058AnAnn >>> alpDU/hTaqcrqty4IJAr4XwE >>> =98rO >>> -----END PGP SIGNATURE----- >>> >>> -- >>> This message has been scanned for viruses and >>> dangerous content by MailScanner, and is >>> believed to be clean. >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >>> -- >>> This message has been scanned for viruses and >>> dangerous content by MailScanner, and is >>> believed to be clean. >>> >>> >>> >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> >> > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.5 (Build 5050) > > iQA/AwUBQ/yWnxH2WUcUFbZUEQJDCgCePgvH5k0VKMl7Jo2wZARit6hmmt4An2YR > IS7sqPxXPwKZLnegmCi18EjG > =2MXz > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. -- Met vriendelijke groet, Wietse Muizelaar ------------------------------------------- W.G. Muizelaar Boudisque Webmaster / ICT Drieharingstraat 5-31, 3511 BH Utrecht Telefoon: +31 (0)30 - 2394030 E-mail: wietse@boudisque.nl Website: www.boudisque.nl ------------------------------------------- From MailScanner at ecs.soton.ac.uk Thu Feb 23 08:56:56 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Feb 23 08:57:06 2006 Subject: Beta 4.51.1: "Add TNEF Contents" In-Reply-To: <43FD67F5.7070605@tradoc.fr> References: <43FCBBC4.5060906@ecs.soton.ac.uk> <43FD67F5.7070605@tradoc.fr> Message-ID: <57AD457F-8F0F-476A-BF40-C27119AB84B7@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- On 23 Feb 2006, at 07:44, John Wilcock wrote: > Julian Field wrote: >> > So I'm a bit confused. With the latest MS TNEF attachments are >> > > disallowed by default. >> Due to a current security issue with TNEF handling in Microsoft >> code. You may choose to disable this block. Hopefully Microsoft >> will fix this issue pretty fast, it should be in an Office update. >> So this block is temporary, it's not intended to be permanently in >> there. > > Does the new "Add TNEF Contents" do as its name suggests, i.e. add > the attachments from within the TNEF but also leave the TNEF part > there? Yes. > If so, how about changing things to (optionally?) *replace* the > TNEF completely. That way no Microsoft code even gets to see the > TNEF... I always try to leave as much of the original mail in place as possible, so I chose to just add to it rather than replace it. > > John. > > -- > -- Over 3000 webcams from ski resorts around the world - > www.snoweye.com > -- Translate your technical documents and web pages - www.tradoc.fr > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQEVAwUBQ/142vw32o+k+q+hAQGldwf+LrAZLSnnfM0B+aggvAy4PIStQI8rLCDu OMuG43zWyWUteT8HeYrrMhoRJUa+b8pW3UNNi/a6S9KGUv34vApvz93ahaGjdMpJ LtQtdlPh9V3ixe+fY6Yct72KP3Wn9L6b8AVdPHxKSbm6OI9B05gbMn/66hb40odz wEr8hRV27MQuzRn38dyfO/3wY6JlaUVi+Wqk7t2HF0uQzoqjYQu0sdj6LU3DokYx CBxHaY5Kv1+jz+5iZjY3QqhWgJvg2VB0zR9y6UlPwtWOHiERyrOfMfczgCBHM9RT szvzc26MveTSQCuOe6P/2H1a9j5Zf3a7Y/R7ZLkFDA9JfQ3upZ5BTg== =HyHp -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From martinh at solid-state-logic.com Thu Feb 23 08:59:42 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Thu Feb 23 08:59:47 2006 Subject: MailScanner can't keep up In-Reply-To: <43FCB3FA.1030107@ecs.soton.ac.uk> Message-ID: <007401c63857$7c93a980$3004010a@martinhlaptop> I'd second what Julian says - you're short on RAM. Vmstat will show this. Also depends on what spamassassin rules etc you have, the more SA checks the more memory required. There's some really huge SA rules that you may have downloaded in the past that are no longer needed with the URI RBL's. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Julian Field > Sent: 22 February 2006 18:57 > To: MailScanner discussion > Subject: Re: MailScanner can't keep up > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Drew Burchett wrote: > > I have MailScanner 4.5 set up on Suse Linux 10.0 use > > Postfix 2.2.3 as an MTA. Messages are being received > > fine, but MailScanner is choking on the volume trying > > to process them. According to MailWatch, I am > > averaging receiving 700 messages per hour to be > > scanned (tons more are being delivered, but filtered > > by Postfix). On average, MailScanner is reporting > > taking about 900 seconds per 15 message batch. I have > > it limited to 10 child processes. The server it is > > running on is a 3.0 Ghz with 512 Mb memory and a 40Gig > > SCSI hard drive divided into three partitions. If you > > need any other informaiton to help me diagnose this > > problem, please let me know and I'll be glad to post it. > > > Add more RAM. With 10 child processes (I would advise 5 per CPU) you > will need 2Gb of RAM. I bet that "vmstat 5" reports it is swapping like > crazy (look for the si and sout figures). My advice is 5 children and > 1GB RAM per CPU. Hyper-threaded processes still count as 1. > > RAM is cheap, go buy a shed load more. > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.5 (Build 5050) > > iQA/AwUBQ/yz+xH2WUcUFbZUEQIU1ACdFGsqwqb3fOK2ENGU/Z6om6lRVlAAn1h2 > L+24XW14OhGwQImlcOGxOipM > =MkAF > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From terry at hankyu.com.hk Thu Feb 23 09:12:30 2006 From: terry at hankyu.com.hk (Terry WONG/ Hankyu HKG) Date: Thu Feb 23 09:08:44 2006 Subject: Email missing for some of recipients References: <20060223043305.6946.qmail@web50610.mail.yahoo.com> Message-ID: <01ef01c63859$4798f850$8d00a8c0@HITHKG.hankyu.com.hk> Thanks Devi, Yes, I'm using sendmail and the users are using Outlook Express. But in my case, not just the HTML email will lost, but some of the emails containing PDF, TIF attachments or some messages in RTF format too. It's so strange that some of them can get the message and some of them can't. I just want to know is it a bug in Mailscanner or my configuration have some problem. Best Regards, Terry WONG ----- Original Message ----- From: Devi S To: MailScanner discussion Sent: Thursday, February 23, 2006 12:33 PM Subject: Re: Email missing for some of recipients Terry WONG/ Hankyu HKG wrote: Hello, I'm using Mailscanner 4.40.11-1 on Redhat Linux 9. I often having trouble on lost email messages. Usually the email will be send to several users and CC several users too. I saw in the Mailwatch showing the message were successfully deliver to those users. However, some users complains they haven't got such message while some of them have. I suspect this situation was caused by the Mailscanner overloaded. Would anyone having the same problem could give me some hints to solve this problem? Thanks!! Terry, The same whimsical problem I am also facing. Are! you using sendmail? Are your users using Microsoft Outlook 2003? These are my findings but i have not solved the problem but avoided it, 1. Mail sent in HTML format from Microsoft outlook 2003 are the candidate for these "missing mails" 2. If a mail is sent to three persons two will receive it one will not receive it 3. I stopped MailScanner and tried sending the mail, again the user who didn't receive the mail still didn't receive it. 4. The message id of these mails are very lenghty. 5. If the users send the same mail in RTF format the mails reaches the user without any issue 6. Not all mails sent in HTML format will get missed, meaning some will reach SAFELY So I advised my user group not to use HTML format while sending mails instead use RTF format. After this the situation is fairly under control. No one has complained of missing mails. But I am su! re I have not solved the problem but avoided it! Regards Devi S. Our greatest glory is not in never falling- but in rising every time we fall - Confucius ------------------------------------------------------------------------------ What are the most popular cars? Find out at Yahoo! Autos ------------------------------------------------------------------------------ -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060223/2855a156/attachment.html From shuttlebox at gmail.com Thu Feb 23 09:28:39 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Thu Feb 23 09:28:43 2006 Subject: Beta 4.51.1: "Add TNEF Contents" In-Reply-To: <57AD457F-8F0F-476A-BF40-C27119AB84B7@ecs.soton.ac.uk> References: <43FCBBC4.5060906@ecs.soton.ac.uk> <43FD67F5.7070605@tradoc.fr> <57AD457F-8F0F-476A-BF40-C27119AB84B7@ecs.soton.ac.uk> Message-ID: <625385e30602230128g31876dd4g63061b2e2e1d6661@mail.gmail.com> On 2/23/06, Julian Field wrote: > > I always try to leave as much of the original mail in place as > possible, so I chose to just add to it rather than replace it. > Is this transparent to the users or is there a risk that the attachments are shown twice (Outlook) or not at all or with an error message (other than Outlook)? -- /peter -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060223/bd93f0d7/attachment.html From MailScanner at ecs.soton.ac.uk Thu Feb 23 09:36:50 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Feb 23 09:37:07 2006 Subject: Beta 4.51.1: "Add TNEF Contents" In-Reply-To: <625385e30602230128g31876dd4g63061b2e2e1d6661@mail.gmail.com> References: <43FCBBC4.5060906@ecs.soton.ac.uk> <43FD67F5.7070605@tradoc.fr> <57AD457F-8F0F-476A-BF40-C27119AB84B7@ecs.soton.ac.uk> <625385e30602230128g31876dd4g63061b2e2e1d6661@mail.gmail.com> Message-ID: Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 487 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060223/3323737a/PGP.bin From rcooper at dwford.com Thu Feb 23 11:43:07 2006 From: rcooper at dwford.com (Rick Cooper) Date: Thu Feb 23 11:43:32 2006 Subject: Beta 4.51.1: "Add TNEF Contents" In-Reply-To: <625385e30602230128g31876dd4g63061b2e2e1d6661@mail.gmail.com> Message-ID: -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of shuttlebox Sent: Thursday, February 23, 2006 4:29 AM To: MailScanner discussion Subject: Re: Beta 4.51.1: "Add TNEF Contents" On 2/23/06, Julian Field wrote: I always try to leave as much of the original mail in place as possible, so I chose to just add to it rather than replace it. Is this transparent to the users or is there a risk that the attachments are shown twice (Outlook) or not at all or with an error message (other than Outlook)? [Rick Cooper] I guess I should have mentioned that in Outlook it does indeed show the attachments twice. Once in the body of the RTF message and once in the normal attachment (paperclip) section. If I am remembering correctly ytnef removes the tnef attachments and creates the new attachments. The Outlook users would have to open the attachments for, say meetings and such, but they still work. I thought it was working as Julian intended, that's why I didn't mention it Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060223/f3031dc5/attachment.html From ecj at telpacific.com.au Thu Feb 23 11:54:34 2006 From: ecj at telpacific.com.au (DOODS) Date: Thu Feb 23 11:55:11 2006 Subject: redirecting In-Reply-To: <43FD3BDD.8090203@nkpanama.com> References: <2734.203.88.231.77.1140574299.squirrel@203.88.231.77> <625385e30602220107u5c6d5a9aj91c846de9a84e86c@mail.gmail.com> <43FC622A.9020500@nkpanama.com> <1741.203.88.231.77.1140660977.squirrel@203.88.231.77> <43FD27CE.9050401@nkpanama.com> <43FD3044.7030005@nkpanama.com> <43FD33A2.6090305@elirion.net> <43FD3BDD.8090203@nkpanama.com> Message-ID: <10841.144.131.92.76.1140695674.squirrel@144.131.92.76> Good day Alex. Have you tried it yet? I'm still setting up my test server and hope to do some testing myself next week. > ahhhh ... will try it today... > > Richard Siddall wrote: >> Alex Neuman van der Hans wrote: >> >>> I think it would be something like: >>> >>> :0: >>> * ^X-Spam-Status: yes >>> $HOME/mail/Junk\ E-mail >>> >>> But maybe that means that if someone even *mentions* "X-Spam-Status: >>> yes" in the body of a message, it'll get flagged. Any suggestions? >>> >>> >> >> If I'm reading Martin McCarthy's "The Procmail Companion" correctly, >> just put an H in the colon line: >> :0 H: >> >> I haven't tested this. >> >> Regards, >> >> Richard Siddall >> >> >> > > -- > > Alex Neuman van der Hans > N&K Technology Consultants > Tel. +507 214-9002 - http://nkpanama.com/ > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > Cheers, DOODS From john at tradoc.fr Thu Feb 23 12:24:43 2006 From: john at tradoc.fr (John Wilcock) Date: Thu Feb 23 12:25:01 2006 Subject: Beta 4.51.1: "Add TNEF Contents" In-Reply-To: References: Message-ID: <43FDA98B.2040207@tradoc.fr> Rick Cooper wrote: > I guess I should have mentioned that in Outlook it does indeed show > the attachments twice. Once in the body of the RTF message and once > in the normal attachment (paperclip) section. If I am remembering > correctly ytnef removes the tnef attachments and creates the new > attachments. The Outlook users would have to open the attachments > for, say meetings and such, but they still work. I thought it was > working as Julian intended, that's why I didn't mention it So Outlook users see the attachments twice and non-Outlook users see a useless winmail.dat attachment. In any case that means that the size of the raw message is roughly doubled, which might pose problems with mailbox quotas and the like. Julian, how about an option to replace rather than add? Perhaps as a single config file option with three values "No" (for Outlook-only sites), "Add" (for the paranoid) and "Replace" (for the rest of us) or whatever. John. -- -- Over 3000 webcams from ski resorts around the world - www.snoweye.com -- Translate your technical documents and web pages - www.tradoc.fr From shuttlebox at gmail.com Thu Feb 23 12:37:47 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Thu Feb 23 12:37:50 2006 Subject: Beta 4.51.1: "Add TNEF Contents" In-Reply-To: <43FDA98B.2040207@tradoc.fr> References: <43FDA98B.2040207@tradoc.fr> Message-ID: <625385e30602230437o32c6b68dj8a0a68998601eda5@mail.gmail.com> On 2/23/06, John Wilcock wrote: > > Julian, how about an option to replace rather than add? Perhaps as a > single config file option with three values "No" (for Outlook-only > sites), "Add" (for the paranoid) and "Replace" (for the rest of us) or > whatever. > I second that. :-) -- /peter -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060223/dca233ef/attachment.html From rcooper at dwford.com Thu Feb 23 14:06:36 2006 From: rcooper at dwford.com (Rick Cooper) Date: Thu Feb 23 14:07:09 2006 Subject: Beta 4.51.1: "Add TNEF Contents" In-Reply-To: <625385e30602230437o32c6b68dj8a0a68998601eda5@mail.gmail.com> Message-ID: -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of shuttlebox Sent: Thursday, February 23, 2006 7:38 AM To: MailScanner discussion Subject: Re: Beta 4.51.1: "Add TNEF Contents" On 2/23/06, John Wilcock wrote: Julian, how about an option to replace rather than add? Perhaps as a single config file option with three values "No" (for Outlook-only sites), "Add" (for the paranoid) and "Replace" (for the rest of us) or whatever. I second that. :-) [Rick Cooper] Important to note, before someone complains, that anything you do here will break GPG, etc, as the message is obviously being modified. Personally I think that is fine because even Microsoft doesn't recommend sending rich text into the world and better this than just denying messages containing winmail.dat. Rick Cooper -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060223/99cb2315/attachment.html From MailScanner at ecs.soton.ac.uk Thu Feb 23 19:26:28 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Feb 23 19:26:33 2006 Subject: Beta 4.51.1: "Add TNEF Contents" In-Reply-To: References: Message-ID: <43FE0C64.9080909@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Rick Cooper wrote: > > > -----Original Message----- > *From:* mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info]*On Behalf Of > *shuttlebox > *Sent:* Thursday, February 23, 2006 4:29 AM > *To:* MailScanner discussion > *Subject:* Re: Beta 4.51.1: "Add TNEF Contents" > > On 2/23/06, *Julian Field* > wrote: > > I always try to leave as much of the original mail in place as > possible, so I chose to just add to it rather than replace it. > > > Is this transparent to the users or is there a risk that the > attachments are shown twice (Outlook) or not at all or with an > error message (other than Outlook)? > > [Rick Cooper] > I guess I should have mentioned that in Outlook it does indeed > show the attachments twice. Once in the body of the RTF message > and once in the normal attachment (paperclip) section. If I am > remembering correctly ytnef removes the tnef attachments and > creates the new attachments. The Outlook users would have to open > the attachments for, say meetings and such, but they still work. I > thought it was working as Julian intended, that's why I didn't > mention it > I didn't want to remove the winmail.dat file in case the TNEF expander wasn't able to extract all the attachments. If that happens at least Outlook users can still get at everything. I don't like removing things from the message unless it's really necessary. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQA/AwUBQ/4MZRH2WUcUFbZUEQJQFwCfQuVj7ozf3/veCgtXItgE+pqv+RIAoJjx hsqafgpnySoqkiwBFpcPISLO =pusM -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From rcooper at dwford.com Thu Feb 23 20:17:53 2006 From: rcooper at dwford.com (Rick Cooper) Date: Thu Feb 23 20:18:59 2006 Subject: Beta 4.51.1: "Add TNEF Contents" In-Reply-To: <43FE0C64.9080909@ecs.soton.ac.uk> Message-ID: > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Julian > Field > Sent: Thursday, February 23, 2006 2:26 PM > To: MailScanner discussion > Subject: Re: Beta 4.51.1: "Add TNEF Contents" > > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Rick Cooper wrote: > > > > > > -----Original Message----- > > *From:* mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info]*On Behalf Of > > *shuttlebox > > *Sent:* Thursday, February 23, 2006 4:29 AM > > *To:* MailScanner discussion > > *Subject:* Re: Beta 4.51.1: "Add TNEF Contents" > > > > On 2/23/06, *Julian Field* > > wrote: > > > > I always try to leave as much of the original mail in place as > > possible, so I chose to just add to it rather than replace it. > > > > [...] > > > > [Rick Cooper] > > I guess I should have mentioned that in Outlook it does indeed > > show the attachments twice. Once in the body of the RTF message > > and once in the normal attachment (paperclip) section. If I am > > remembering correctly ytnef removes the tnef attachments and > > creates the new attachments. The Outlook users would have to open > > the attachments for, say meetings and such, but they still work. I > > thought it was working as Julian intended, that's why I didn't > > mention it > > > I didn't want to remove the winmail.dat file in case the TNEF expander > wasn't able to extract all the attachments. If that happens at least > Outlook users can still get at everything. I don't like removing things > from the message unless it's really necessary. > I was kinda playing with this (day off today) and you can add winmail.dat (or winmail\d{0,}\.dat) to the filename rules and winmail.dat is removed (with a warning) and the other attachments remain. Of course I wasn't interested in the warning and found a fairly easy way to put a trigger in the user report portion of the rule to tell MS not to modify the subject or body with warnings: deny+delete winmail\.dat$ Removed a winmail.dat file #NO_USER_REPORT If the user report =~ /#NO_USER_REPORT/sm then a global flag is *Not* set true for that attachment when it's stripped and the report/modifications are not made unless another rule is hit that doesn't contain the #NO_USER_REPORT string, but the log always shows the log warning "Removed a winmail.dat file" Then I found an odd thing. If I send a rich text message with no attachments. the entire body is removed when I have the deny[+delete] rule for winmail.dat. I use the external tnef processor so I modified the command to: -f $dir/$tnefname -C $dir --overwrite --save-body --body-pref=htr and voila! The message body returns and there is an attachment called message.rtf added that includes the rtf version of the message body. What ever is causing that must have something to do with my hither to unmentioned problem with messages containing winmail.dat and no attachments having the entire message body stripped. Any idea as to what causes that? Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu Feb 23 20:47:38 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Feb 23 20:47:44 2006 Subject: Beta 4.51.1: "Add TNEF Contents" In-Reply-To: References: Message-ID: <43FE1F6A.50903@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Rick Cooper wrote: > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Julian >> Field >> Sent: Thursday, February 23, 2006 2:26 PM >> To: MailScanner discussion >> Subject: Re: Beta 4.51.1: "Add TNEF Contents" >> >> >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Rick Cooper wrote: >> >>> >>> >>> -----Original Message----- >>> *From:* mailscanner-bounces@lists.mailscanner.info >>> [mailto:mailscanner-bounces@lists.mailscanner.info]*On Behalf Of >>> *shuttlebox >>> *Sent:* Thursday, February 23, 2006 4:29 AM >>> *To:* MailScanner discussion >>> *Subject:* Re: Beta 4.51.1: "Add TNEF Contents" >>> >>> On 2/23/06, *Julian Field* >> > wrote: >>> >>> I always try to leave as much of the original mail in place as >>> possible, so I chose to just add to it rather than replace it. >>> >>> >>> > [...] > >>> [Rick Cooper] >>> I guess I should have mentioned that in Outlook it does indeed >>> show the attachments twice. Once in the body of the RTF message >>> and once in the normal attachment (paperclip) section. If I am >>> remembering correctly ytnef removes the tnef attachments and >>> creates the new attachments. The Outlook users would have to open >>> the attachments for, say meetings and such, but they still work. I >>> thought it was working as Julian intended, that's why I didn't >>> mention it >>> >>> >> I didn't want to remove the winmail.dat file in case the TNEF expander >> wasn't able to extract all the attachments. If that happens at least >> Outlook users can still get at everything. I don't like removing things >> from the message unless it's really necessary. >> >> > > I was kinda playing with this (day off today) and you can add winmail.dat (or winmail\d{0,}\.dat) to the filename rules and winmail.dat is removed (with a warning) and the other attachments remain. Of course I wasn't interested in the warning and found a fairly easy way to put a trigger in the user report portion of the rule to tell MS not to modify the subject or body with warnings: > deny+delete winmail\.dat$ Removed a winmail.dat file #NO_USER_REPORT > > If the user report =~ /#NO_USER_REPORT/sm then a global flag is *Not* set true for that attachment when it's stripped and the report/modifications are not made unless another rule is hit that doesn't contain the #NO_USER_REPORT string, but the log always shows the log warning "Removed a winmail.dat file" > > Then I found an odd thing. If I send a rich text message with no attachments. the entire body is removed when I have the deny[+delete] rule for winmail.dat. I use the external tnef processor so I modified the command to: > > -f $dir/$tnefname -C $dir --overwrite --save-body --body-pref=htr > > and voila! The message body returns and there is an attachment called message.rtf added that includes the rtf version of the message body. What ever is causing that must have something to do with my hither to unmentioned problem with messages containing winmail.dat and no attachments having the entire message body stripped. Any idea as to what causes that? To put it briefly, not a clue. I have got the Use TNEF Contents = no / add / replace working. What should be the default? I am going to go for "replace" unless anyone says otherwise. Your thoughts please. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQA/AwUBQ/4faxH2WUcUFbZUEQJQkwCgifr6B9G6cUcQPnCY8brklDlkYbYAoKel Bk087z0S6itYuazLikJ+gA8X =SYgW -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu Feb 23 20:48:55 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Feb 23 20:48:59 2006 Subject: Beta 4.51.1: "Add TNEF Contents" In-Reply-To: <43FDA98B.2040207@tradoc.fr> References: <43FDA98B.2040207@tradoc.fr> Message-ID: <43FE1FB7.2040206@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 John Wilcock wrote: > Rick Cooper wrote: >> I guess I should have mentioned that in Outlook it does indeed show >> the attachments twice. Once in the body of the RTF message and once >> in the normal attachment (paperclip) section. If I am remembering >> correctly ytnef removes the tnef attachments and creates the new >> attachments. The Outlook users would have to open the attachments >> for, say meetings and such, but they still work. I thought it was >> working as Julian intended, that's why I didn't mention it > > So Outlook users see the attachments twice and non-Outlook users see a > useless winmail.dat attachment. > > In any case that means that the size of the raw message is roughly > doubled, which might pose problems with mailbox quotas and the like. > > Julian, how about an option to replace rather than add? Perhaps as a > single config file option with three values "No" (for Outlook-only > sites), "Add" (for the paranoid) and "Replace" (for the rest of us) or > whatever. Good idea. The option is now called Use TNEF Contents = no / add / replace and it all appears to work fine. I'll put out a beta shortly, don't want to eat cold dinner :-) - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQA/AwUBQ/4ftxH2WUcUFbZUEQIyWACfRH9UHH96p7gFuARAWrYGFlZ2LLMAnjxq ckb6coFoCfup+P0JVhrRajlW =Mymj -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From rcooper at dwford.com Thu Feb 23 20:59:14 2006 From: rcooper at dwford.com (Rick Cooper) Date: Thu Feb 23 20:59:38 2006 Subject: Beta 4.51.1: "Add TNEF Contents" In-Reply-To: <43FE1F6A.50903@ecs.soton.ac.uk> Message-ID: > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Julian > Field > Sent: Thursday, February 23, 2006 3:48 PM > To: MailScanner discussion > Subject: Re: Beta 4.51.1: "Add TNEF Contents" [...] > > I have got the > Use TNEF Contents = no / add / replace > working. > What should be the default? I am going to go for "replace" unless anyone > says otherwise. > > Your thoughts please. > Replace, absolutely Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu Feb 23 21:19:16 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Feb 23 21:19:23 2006 Subject: Beta 4.51.2: "Use TNEF Contents" Message-ID: <43FE26D4.2070600@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Add TNEF Contents = yes / no option has been replaced with Use TNEF Contents = no / add / replace with the default value being "replace". If set to "add" then the winmail.dat file is left intact, with all its contents added to the message. If set to "replace" then the winmail.dat file is deleted, having had its contents replaced by the attachments it contains. By leaving it set to "replace", you make the message usable by non-Outlook users while leaving the message roughly its original size. If you use "add", bear in mind that this will roughly double the size of TNEF messages as both the original and expanded attachments are left in the message. Download 4.51.2 from www.mailscanner.info as usual. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQA/AwUBQ/4m1RH2WUcUFbZUEQIpkACcDTEu/3IrJpZMwSDmqZ5qxZjDjI8AoLi4 ikzBvGpxtqGXKjdk4sOgpUcB =jVng -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From dnsadmin at 1bigthink.com Thu Feb 23 21:24:56 2006 From: dnsadmin at 1bigthink.com (dnsadmin 1bigthink.com) Date: Thu Feb 23 21:25:10 2006 Subject: Beta 4.51.1: "Add TNEF Contents" In-Reply-To: References: <43FE1F6A.50903@ecs.soton.ac.uk> Message-ID: <6.2.3.4.0.20060223162431.0540c5e0@mxt.1bigthink.com> At 03:59 PM 2/23/2006, you wrote: > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Julian > > Field > > Sent: Thursday, February 23, 2006 3:48 PM > > To: MailScanner discussion > > Subject: Re: Beta 4.51.1: "Add TNEF Contents" >[...] > > > > I have got the > > Use TNEF Contents = no / add / replace > > working. > > What should be the default? I am going to go for "replace" unless anyone > > says otherwise. > > > > Your thoughts please. > > > >Replace, absolutely > >Rick Replace, absolutely sended. Glenn From campbell at cnpapers.com Thu Feb 23 21:38:13 2006 From: campbell at cnpapers.com (Steve Campbell) Date: Thu Feb 23 21:38:30 2006 Subject: Beta 4.51.2: "Use TNEF Contents" References: <43FE26D4.2070600@ecs.soton.ac.uk> Message-ID: <003901c638c1$734b0de0$0705000a@DDF5DW71> Julian, Does all of this mean any quarantined message is left in tact as received? I'm asking only because I like your ideas of keeping a copy unchanged. Thanks for the great work. Steve Campbell campbell@cnpapers.com Charleston Newspapers ----- Original Message ----- From: "Julian Field" To: "MailScanner discussion" Sent: Thursday, February 23, 2006 4:19 PM Subject: Beta 4.51.2: "Use TNEF Contents" > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > The > Add TNEF Contents = yes / no > option has been replaced with > Use TNEF Contents = no / add / replace > with the default value being "replace". > > If set to "add" then the winmail.dat file is left intact, with all its > contents added to the message. > If set to "replace" then the winmail.dat file is deleted, having had its > contents replaced by the attachments it contains. > > By leaving it set to "replace", you make the message usable by > non-Outlook users while leaving the message roughly its original size. > > If you use "add", bear in mind that this will roughly double the size of > TNEF messages as both the original and expanded attachments are left in > the message. > > Download 4.51.2 from www.mailscanner.info as usual. > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.5 (Build 5050) > > iQA/AwUBQ/4m1RH2WUcUFbZUEQIpkACcDTEu/3IrJpZMwSDmqZ5qxZjDjI8AoLi4 > ikzBvGpxtqGXKjdk4sOgpUcB > =jVng > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From MailScanner at ecs.soton.ac.uk Thu Feb 23 21:47:44 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Feb 23 21:47:49 2006 Subject: Beta 4.51.2: "Use TNEF Contents" In-Reply-To: <003901c638c1$734b0de0$0705000a@DDF5DW71> References: <43FE26D4.2070600@ecs.soton.ac.uk> <003901c638c1$734b0de0$0705000a@DDF5DW71> Message-ID: <43FE2D80.8020409@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Steve Campbell wrote: > Julian, > > Does all of this mean any quarantined message is left in tact as > received? I'm asking only because I like your ideas of keeping a copy > unchanged. The quarantined message is always left untouched, unless you have the "Keep SPAM and MCP Quarantine Clean" option set. So the answer to your question is a simple "yes". > Thanks for the great work. My pleasure, but you have bought the book haven't you? :-) > > Steve Campbell > campbell@cnpapers.com > Charleston Newspapers - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQA/AwUBQ/4tgRH2WUcUFbZUEQI4yACg543XpO9JJ5Wcdazv64uBUBWLlY4An3K2 48LyicrRvEo+6Aa5DIPbnL69 =SOG0 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From doron at crc.co.za Thu Feb 23 22:22:49 2006 From: doron at crc.co.za (Doron Shmaryahu) Date: Thu Feb 23 22:23:09 2006 Subject: MailScanner per user mail size limit Message-ID: <736056B20C569640AD384C4242646F2205EEE8@CTDC01.crc.localnet> Hi, I have MailScanner 4.50.15 running on a FreeBSD 4.11 machine. All is working perfectly. I have read through the docs on creating per user mail limits but until now I have still not been able to make it work. I would like the rule file to control mail size limits for each user. Are there any problems with this ? Could someone provide me a example rule file or any hints/docs would be appreciated. Thanks in advance Doron From MailScanner at ecs.soton.ac.uk Thu Feb 23 22:28:46 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Feb 23 22:28:53 2006 Subject: MailScanner per user mail size limit In-Reply-To: <736056B20C569640AD384C4242646F2205EEE8@CTDC01.crc.localnet> References: <736056B20C569640AD384C4242646F2205EEE8@CTDC01.crc.localnet> Message-ID: <43FE371E.2080402@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Doron Shmaryahu wrote: > Hi, > > I have MailScanner 4.50.15 running on a FreeBSD 4.11 machine. All is > working perfectly. I have read through the docs on creating per user > mail limits but until now I have still not been able to make it work. I > would like the rule file to control mail size limits for each user. > > Are there any problems with this ? > Can you provide me with details of what you have tested? It should work okay. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQA/AwUBQ/43HxH2WUcUFbZUEQIXGACgzhcJHWoDlDnUeDfaogTW7Msk0KQAnAm6 Jh116Z20S4WhIajSCKJNzbnh =gvmM -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From linux_spartacus at yahoo.com Fri Feb 24 00:21:54 2006 From: linux_spartacus at yahoo.com (spart cus) Date: Fri Feb 24 00:22:18 2006 Subject: MailScanner Ports ? Message-ID: <20060224002154.68850.qmail@web35611.mail.mud.yahoo.com> Hi guys, im securing my mail server.Just want to ask what port does MS uses ? Like for updating viruses(CLamAV) and spamlists (SpamAssassin). I already open ports 25; and 110, what else ? tnx --------------------------------- Yahoo! Mail Use Photomail to share photos without annoying attachments. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060223/d8b502e1/attachment.html From michele at blacknight.ie Fri Feb 24 00:33:13 2006 From: michele at blacknight.ie (Michele Neylon:: Blacknight.ie) Date: Fri Feb 24 00:33:14 2006 Subject: MailScanner Ports ? In-Reply-To: <20060224002154.68850.qmail@web35611.mail.mud.yahoo.com> References: <20060224002154.68850.qmail@web35611.mail.mud.yahoo.com> Message-ID: <43FE5449.7070606@blacknight.ie> spart cus wrote: > Hi guys, > im securing my mail server.Just want to ask what port does MS uses ? > Like for updating viruses(CLamAV) and spamlists (SpamAssassin). I > already open ports 25; and 110, what else ? > tnx > http://wiki.mailscanner.info/doku.php?id=maq:index -- Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 From brad at beckenhauer.com Fri Feb 24 03:13:32 2006 From: brad at beckenhauer.com (Brad Beckenhauer) Date: Fri Feb 24 03:13:44 2006 Subject: MailScanner per user mail size limit References: UID54344-1101139125 Message-ID: <20060223T211332Z_A9B700000000@beckenhauer.com> >>> Doron Shmaryahu 2/23/2006 4:22:49 PM >>> Hi, I have MailScanner 4.50.15 running on a FreeBSD 4.11 machine. All is working perfectly. I have read through the docs on creating per user mail limits but until now I have still not been able to make it work. I would like the rule file to control mail size limits for each user. Are there any problems with this ? Could someone provide me a example rule file or any hints/docs would be appreciated. Thanks in advance Doron -- This shoudl work for you. Create this file "MaximumAttachmentSize.rules" in your "rules" directory and modify your MailScanner.conf as noted. # # File Location/Name: # %rules-dir%/MaximumAttachmentSize.rules # # This is where you can build a ruleslist # that allows you to specify attachment size limits in bytes # # In MailScanner.conf change: # "Maximum Attachment Size = -1" # to # "Maximum Attachment Size = %rules-dir%/MaximumAttachmentSize.rules" # # Example values, adjust as needed # 1k = 1024 bytes # 10k = 10240 bytes # 100K = 102400 bytes # 1MB = 1024000 bytes # 10MB = 10240000 bytes # 100MB = 102400000 bytes # 250MB = 256000000 bytes # 500MB = 512000000 bytes # 1GB = 1024000000 bytes # # Size limits and Default should be smaller than the partition # where they are temporarily stored. ;-) # # Set addresses/domains to be limited as follows: # Direction Pattern Size Limit # From: user@good.domain.com 1024000 # Limit FROM specified user to 1MB # From: *@friendly.domain.com 10240000 # Limit FROM specified domain to 10MB # From: 123.234.567.2 1024000 # Limit FROM IP address to 1MB # From: 123.234. 1024000 # Limit FROM IP range to 1MB # From: /^192\.168\.13[4567]\./ 1024000 # Limit FROM IP range to 1MB # To: abc@xyz.com 0 # No Attachments allowed TO this user # To: *@yahoo.com 1024000 # Limit all TO this Domain to 1MB # To: user1@your.domain 102400 # Limit FROM specified user to 10Kbytes To: user2@your.domain 1024000 # Limit FROM specified user to 1MB To: user3@your.domain 10240000 # Limit FROM specified user to 10MB FromOrTo: default -1 # Default, No attachment Size Checking. -------------- next part -------------- Skipped content of type multipart/related From lox at birdy.nc Fri Feb 24 03:16:51 2006 From: lox at birdy.nc (Laurent Dinclaux) Date: Fri Feb 24 03:17:10 2006 Subject: Stopping? Message-ID: <43FE7AA3.2030906@birdy.nc> Hello, Something strange happens. Sometimes I notice that mail are no more scanned by mailscanner so I go on my server & notice mailscanner is running but effectively does not scan emails anymore. Have a look at my "hudge" logs and don't notice anything strange so i issue some commands: # service sendmail stop Arr?t de sendmail : [ OK ] Arr?t de sm-client : [FAILED] # /etc/init.d/MailScanner restart Shutting down MailScanner daemons: MailScanner: [ OK ] incoming sendmail: [ OK ] outgoing sendmail: [ OK ] Starting MailScanner daemons: incoming sendmail: [ OK ] outgoing sendmail: [ OK ] MailScanner: [ OK ] And everything is back up ;) This happens about once a week. I am running centos 4.2 updated. Best regards -- Laurent Dinclaux From craigwhite at azapple.com Fri Feb 24 03:33:50 2006 From: craigwhite at azapple.com (Craig White) Date: Fri Feb 24 03:34:01 2006 Subject: Stopping? In-Reply-To: <43FE7AA3.2030906@birdy.nc> References: <43FE7AA3.2030906@birdy.nc> Message-ID: <1140752030.9237.76.camel@lin-workstation.azapple.com> On Fri, 2006-02-24 at 14:16 +1100, Laurent Dinclaux wrote: > Hello, > > Something strange happens. Sometimes I notice that mail are no more > scanned by mailscanner so I go on my server & notice mailscanner is > running but effectively does not scan emails anymore. Have a look at my > "hudge" logs and don't notice anything strange so i issue some commands: > > # service sendmail stop > Arr?t de sendmail : [ OK ] > Arr?t de sm-client : [FAILED] > # /etc/init.d/MailScanner restart > Shutting down MailScanner daemons: > MailScanner: [ OK ] > incoming sendmail: [ OK ] > outgoing sendmail: [ OK ] > Starting MailScanner daemons: > incoming sendmail: [ OK ] > outgoing sendmail: [ OK ] > MailScanner: [ OK ] > > And everything is back up ;) > > This happens about once a week. I am running centos 4.2 updated. ---- try running... chkconfig sendmail off chkconfig MailScanner on I'm guessing that things get messed up when the logs rotate weekly Craig From lox at birdy.nc Fri Feb 24 04:14:27 2006 From: lox at birdy.nc (Laurent Dinclaux) Date: Fri Feb 24 04:14:39 2006 Subject: Stopping? In-Reply-To: <1140752030.9237.76.camel@lin-workstation.azapple.com> References: <43FE7AA3.2030906@birdy.nc> <1140752030.9237.76.camel@lin-workstation.azapple.com> Message-ID: <43FE8823.3000909@birdy.nc> > chkconfig sendmail off > chkconfig MailScanner on > > I'm guessing that things get messed up when the logs rotate weekly Hello, Thanks but I have already done that, but I have just noticed I have a K30sendmail: # cd /etc/rc3.d/ # ls -lh | grep sendmail lrwxrwxrwx 1 root root 18 f?v 23 17:06 K30sendmail ->../init.d/sendmail Should I delete it? Best Regards -- Laurent Dinclaux From lox at birdy.nc Fri Feb 24 04:15:59 2006 From: lox at birdy.nc (Laurent Dinclaux) Date: Fri Feb 24 04:16:09 2006 Subject: Stopping? In-Reply-To: <43FE8823.3000909@birdy.nc> References: <43FE7AA3.2030906@birdy.nc> <1140752030.9237.76.camel@lin-workstation.azapple.com> <43FE8823.3000909@birdy.nc> Message-ID: <43FE887F.7030707@birdy.nc> Laurent Dinclaux a ?crit : >> chkconfig sendmail off >> chkconfig MailScanner on >> >> I'm guessing that things get messed up when the logs rotate weekly > > Hello, > > Thanks but I have already done that, but I have just noticed I have a > K30sendmail: > > # cd /etc/rc3.d/ > # ls -lh | grep sendmail > lrwxrwxrwx 1 root root 18 f?v 23 17:06 K30sendmail ->../init.d/sendmail > > Should I delete it? > > Best Regards > Some more: # find /etc -name *sendmail /etc/pam.d/smtp.sendmail /etc/sysconfig/sendmail /etc/log.d/scripts/services/sendmail /etc/rc.d/rc2.d/K30sendmail /etc/rc.d/rc1.d/K30sendmail /etc/rc.d/init.d/sendmail /etc/rc.d/rc4.d/K30sendmail /etc/rc.d/rc3.d/K30sendmail /etc/rc.d/rc0.d/K30sendmail /etc/rc.d/rc6.d/K30sendmail /etc/rc.d/rc5.d/K30sendmail /etc/alternatives/mta-sendmail From realmcking at gmail.com Fri Feb 24 04:37:38 2006 From: realmcking at gmail.com (Mark McCoy) Date: Fri Feb 24 04:37:46 2006 Subject: Stopping? In-Reply-To: <43FE887F.7030707@birdy.nc> References: <43FE7AA3.2030906@birdy.nc> <1140752030.9237.76.camel@lin-workstation.azapple.com> <43FE8823.3000909@birdy.nc> <43FE887F.7030707@birdy.nc> Message-ID: On 2/23/06, Laurent Dinclaux wrote: > Laurent Dinclaux a ?crit : > >> chkconfig sendmail off > >> chkconfig MailScanner on > >> > >> I'm guessing that things get messed up when the logs rotate weekly > > > > Hello, > > > > Thanks but I have already done that, but I have just noticed I have a > > K30sendmail: > > > > # cd /etc/rc3.d/ > > # ls -lh | grep sendmail > > lrwxrwxrwx 1 root root 18 f?v 23 17:06 K30sendmail ->../init.d/sendmail > > > > Should I delete it? > > > > Best Regards > > > > Some more: > > # find /etc -name *sendmail > /etc/pam.d/smtp.sendmail > /etc/sysconfig/sendmail > /etc/log.d/scripts/services/sendmail > /etc/rc.d/rc2.d/K30sendmail > /etc/rc.d/rc1.d/K30sendmail > /etc/rc.d/init.d/sendmail > /etc/rc.d/rc4.d/K30sendmail > /etc/rc.d/rc3.d/K30sendmail > /etc/rc.d/rc0.d/K30sendmail > /etc/rc.d/rc6.d/K30sendmail > /etc/rc.d/rc5.d/K30sendmail > /etc/alternatives/mta-sendmail Don't erase any of these!! Well, you could erase the ''K30sendmail'' files since they simply make sure that sendmail is stopped when you leave that runlevel (when shutting down or going to single-user mode, etc...), but they aren't hurting anything if they are there. The other files in this list are absolutely necessary. Your problem might be caused when logrotate runs to rotate your logs. It could be creating the new log with the wrong user or wrong permissions, and the sendmail or mailscanner daemon dies because it can no longer write to the file it was writing to. I had a web server daemon that was doing that this week. Look in ''/etc/logrotate.d/'' for a sendmail or mailscanner log and make sure it has a setting for the same user/group that sendmail and/or mailscanner is running as. -- Mark McCoy -- Professional Unix geek "On two occasions I have been asked, 'Pray, Mr. Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question. " -- Charles Babbage From craigwhite at azapple.com Fri Feb 24 04:39:25 2006 From: craigwhite at azapple.com (Craig White) Date: Fri Feb 24 04:39:34 2006 Subject: Stopping? In-Reply-To: <43FE8823.3000909@birdy.nc> References: <43FE7AA3.2030906@birdy.nc> <1140752030.9237.76.camel@lin-workstation.azapple.com> <43FE8823.3000909@birdy.nc> Message-ID: <1140755965.9237.88.camel@lin-workstation.azapple.com> On Fri, 2006-02-24 at 15:14 +1100, Laurent Dinclaux wrote: > > chkconfig sendmail off > > chkconfig MailScanner on > > > > I'm guessing that things get messed up when the logs rotate weekly > > Hello, > > Thanks but I have already done that, but I have just noticed I have a > K30sendmail: > > # cd /etc/rc3.d/ > # ls -lh | grep sendmail > lrwxrwxrwx 1 root root 18 f?v 23 17:06 K30sendmail ->../init.d/sendmail > > Should I delete it? ---- NO Craig From craigwhite at azapple.com Fri Feb 24 04:40:49 2006 From: craigwhite at azapple.com (Craig White) Date: Fri Feb 24 04:40:58 2006 Subject: Stopping? In-Reply-To: <43FE887F.7030707@birdy.nc> References: <43FE7AA3.2030906@birdy.nc> <1140752030.9237.76.camel@lin-workstation.azapple.com> <43FE8823.3000909@birdy.nc> <43FE887F.7030707@birdy.nc> Message-ID: <1140756049.9237.91.camel@lin-workstation.azapple.com> On Fri, 2006-02-24 at 15:15 +1100, Laurent Dinclaux wrote: > Laurent Dinclaux a ?crit : > >> chkconfig sendmail off > >> chkconfig MailScanner on > >> > >> I'm guessing that things get messed up when the logs rotate weekly > > > > Hello, > > > > Thanks but I have already done that, but I have just noticed I have a > > K30sendmail: > > > > # cd /etc/rc3.d/ > > # ls -lh | grep sendmail > > lrwxrwxrwx 1 root root 18 f?v 23 17:06 K30sendmail ->../init.d/sendmail > > > > Should I delete it? > > > > Best Regards > > > > Some more: > > # find /etc -name *sendmail > /etc/pam.d/smtp.sendmail > /etc/sysconfig/sendmail > /etc/log.d/scripts/services/sendmail > /etc/rc.d/rc2.d/K30sendmail > /etc/rc.d/rc1.d/K30sendmail > /etc/rc.d/init.d/sendmail > /etc/rc.d/rc4.d/K30sendmail > /etc/rc.d/rc3.d/K30sendmail > /etc/rc.d/rc0.d/K30sendmail > /etc/rc.d/rc6.d/K30sendmail > /etc/rc.d/rc5.d/K30sendmail > /etc/alternatives/mta-sendmail ---- looks ok to me how about (even though you said you already did it) chkconfig --list sendmail chkconfig --list MailScanner Craig From lox at birdy.nc Fri Feb 24 04:47:59 2006 From: lox at birdy.nc (Laurent Dinclaux) Date: Fri Feb 24 04:48:13 2006 Subject: Stopping? In-Reply-To: <1140756049.9237.91.camel@lin-workstation.azapple.com> References: <43FE7AA3.2030906@birdy.nc> <1140752030.9237.76.camel@lin-workstation.azapple.com> <43FE8823.3000909@birdy.nc> <43FE887F.7030707@birdy.nc> <1140756049.9237.91.camel@lin-workstation.azapple.com> Message-ID: <43FE8FFF.60407@birdy.nc> > chkconfig --list sendmail > > chkconfig --list MailScanner Here it is Craig # chkconfig --list sendmail sendmail 0:arr?t 1:arr?t 2:arr?t 3:arr?t 4:arr?t 5:arr?t 6:arr?t # chkconfig --list MailScanner MailScanner 0:arr?t 1:arr?t 2:marche 3:marche 4:marche 5:marche 6:arr?t In french "arr?t" stands for stop/off and "marche" for start/on. Thanks a lot. From lox at birdy.nc Fri Feb 24 04:56:06 2006 From: lox at birdy.nc (Laurent Dinclaux) Date: Fri Feb 24 04:56:17 2006 Subject: Stopping? In-Reply-To: References: <43FE7AA3.2030906@birdy.nc> <1140752030.9237.76.camel@lin-workstation.azapple.com> <43FE8823.3000909@birdy.nc> <43FE887F.7030707@birdy.nc> Message-ID: <43FE91E6.5030209@birdy.nc> > Your problem might be caused when logrotate runs to rotate your logs. > It could be creating the new log with the wrong user or wrong > permissions, and the sendmail or mailscanner daemon dies because it > can no longer write to the file it was writing to. I had a web server > daemon that was doing that this week. Look in ''/etc/logrotate.d/'' > for a sendmail or mailscanner log and make sure it has a setting for > the same user/group that sendmail and/or mailscanner is running as. Hello, Seems I have nothing related to sendmail and mailscanner, seems strange to me... Is it? # ls /etc/logrotate.d acpid clamav freshclam httpd mysqld named psacct rpm syslog vsftpd.log yum # cat /etc/logrotate.conf # see "man logrotate" for details # rotate log files weekly weekly # keep 4 weeks worth of backlogs rotate 4 # create new (empty) log files after rotating old ones create # uncomment this if you want your log files compressed #compress # RPM packages drop log rotation information into this directory include /etc/logrotate.d # no packages own wtmp -- we'll rotate them here /var/log/wtmp { monthly create 0664 root utmp rotate 1 } # system-specific logs may be also be configured here. Best regards -- Laurent Dinclaux Birdy Communication Responsable D?veloppement lox@birdy.nc Mobile : +687 849 272 T?l/fax : +687 278 888 From craigwhite at azapple.com Fri Feb 24 05:00:08 2006 From: craigwhite at azapple.com (Craig White) Date: Fri Feb 24 05:00:16 2006 Subject: Stopping? In-Reply-To: References: <43FE7AA3.2030906@birdy.nc> <1140752030.9237.76.camel@lin-workstation.azapple.com> <43FE8823.3000909@birdy.nc> <43FE887F.7030707@birdy.nc> Message-ID: <1140757208.9237.100.camel@lin-workstation.azapple.com> On Thu, 2006-02-23 at 22:37 -0600, Mark McCoy wrote: > On 2/23/06, Laurent Dinclaux wrote: > > Laurent Dinclaux a ?crit : > > >> chkconfig sendmail off > > >> chkconfig MailScanner on > > >> > > >> I'm guessing that things get messed up when the logs rotate weekly > > > > > > Hello, > > > > > > Thanks but I have already done that, but I have just noticed I have a > > > K30sendmail: > > > > > > # cd /etc/rc3.d/ > > > # ls -lh | grep sendmail > > > lrwxrwxrwx 1 root root 18 f?v 23 17:06 K30sendmail ->../init.d/sendmail > > > > > > Should I delete it? > > > > > > Best Regards > > > > > > > Some more: > > > > # find /etc -name *sendmail > > /etc/pam.d/smtp.sendmail > > /etc/sysconfig/sendmail > > /etc/log.d/scripts/services/sendmail > > /etc/rc.d/rc2.d/K30sendmail > > /etc/rc.d/rc1.d/K30sendmail > > /etc/rc.d/init.d/sendmail > > /etc/rc.d/rc4.d/K30sendmail > > /etc/rc.d/rc3.d/K30sendmail > > /etc/rc.d/rc0.d/K30sendmail > > /etc/rc.d/rc6.d/K30sendmail > > /etc/rc.d/rc5.d/K30sendmail > > /etc/alternatives/mta-sendmail > > > Don't erase any of these!! > > Well, you could erase the ''K30sendmail'' files since they simply make > sure that sendmail is stopped when you leave that runlevel (when > shutting down or going to single-user mode, etc...), but they aren't > hurting anything if they are there. The other files in this list are > absolutely necessary. ---- the K30 scripts are needed by MailScanner to 'stop' sendmail - don't remove ---- > > Your problem might be caused when logrotate runs to rotate your logs. > It could be creating the new log with the wrong user or wrong > permissions, and the sendmail or mailscanner daemon dies because it > can no longer write to the file it was writing to. I had a web server > daemon that was doing that this week. Look in ''/etc/logrotate.d/'' > for a sendmail or mailscanner log and make sure it has a setting for > the same user/group that sendmail and/or mailscanner is running as. ---- on CentOS 4... # cat /etc/logrotate.d/syslog /var/log/messages /var/log/secure /var/log/maillog /var/log/spooler /var/log/boot.log /var/log/cron { sharedscripts postrotate /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true endscript } rotation of /var/log/maillog seems to be entirely independent of user id for MTA. If I am mistaken, then someone will tell me. In short, once a week death of MailScanner would track if 'sendmail' service were set to 'on' for the runlevel but he has confirmed that it is indeed off. I simply don't know but the configuration seems to be correct. Craig From doron at crc.co.za Fri Feb 24 06:05:44 2006 From: doron at crc.co.za (Doron Shmaryahu) Date: Fri Feb 24 06:06:04 2006 Subject: MailScanner per user mail size limit Message-ID: <736056B20C569640AD384C4242646F2205EEF0@CTDC01.crc.localnet> Hi, thanks for response. I have done as suggested below. I changed the line to read:Maximum Attachment Size = /usr/local/etc/MailScanner/rules/MaximumAttachmentSize.rules I created a rule file contaiining the following: From: doron@crc.co.za 1024 FromOrTo: default -1 so in theory that should block anything from me bigger than 1k. I have also restarted MailScanner but it does not block it nothing. I have sent a couple of attachments above 200k but still nothing. I turned Debug = yes so i could check for errors and nothing. I see the correct size reporting from sendmal from=, size=317660. Is there anything else I am missing ? thanks again Doron ________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Brad Beckenhauer Sent: 24 February 2006 05:14 AM To: MailScanner discussion Subject: Re: MailScanner per user mail size limit >>> Doron Shmaryahu 2/23/2006 4:22:49 PM >>> Hi, I have MailScanner 4.50.15 running on a FreeBSD 4.11 machine. All is working perfectly. I have read through the docs on creating per user mail limits but until now I have still not been able to make it work. I would like the rule file to control mail size limits for each user. Are there any problems with this ? Could someone provide me a example rule file or any hints/docs would be appreciated. Thanks in advance Doron -- This shoudl work for you. Create this file "MaximumAttachmentSize.rules" in your "rules" directory and modify your MailScanner.conf as noted. # # File Location/Name: # %rules-dir%/MaximumAttachmentSize.rules # # This is where you can build a ruleslist # that allows you to specify attachment size limits in bytes # # In MailScanner.conf change: # "Maximum Attachment Size = -1" # to # "Maximum Attachment Size = %rules-dir%/MaximumAttachmentSize.rules" # # Example values, adjust as needed # 1k = 1024 bytes # 10k = 10240 bytes # 100K = 102400 bytes # 1MB = 1024000 bytes # 10MB = 10240000 bytes # 100MB = 102400000 bytes # 250MB = 256000000 bytes # 500MB = 512000000 bytes # 1GB = 1024000000 bytes # # Size limits and Default should be smaller than the partition # where they are temporarily stored. ;-) # # Set addresses/domains to be limited as follows: # Direction Pattern Size Limit # From: user@good.domain.com 1024000 # Limit FROM specified user to 1MB # From: *@friendly.domain.com 10240000 # Limit FROM specified domain to 10MB # From: 123.234.567.2 1024000 # Limit FROM IP address to 1MB # From: 123.234. 1024000 # Limit FROM IP range to 1MB # From: /^192\.168\.13[4567]\./ 1024000 # Limit FROM IP range to 1MB # To: abc@xyz.com 0 # No Attachments allowed TO this user # To: *@yahoo.com 1024000 # Limit all TO this Domain to 1MB # To: user1@your.domain 102400 # Limit FROM specified user to 10Kbytes To: user2@your.domain 1024000 # Limit FROM specified user to 1MB To: user3@your.domain 10240000 # Limit FROM specified user to 10MB FromOrTo: default -1 # Default, No attachment Size Checking. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060224/bb6ec185/attachment.html From doron at crc.co.za Fri Feb 24 08:11:26 2006 From: doron at crc.co.za (Doron Shmaryahu) Date: Fri Feb 24 08:11:51 2006 Subject: MailScanner per user mail size limit Message-ID: <736056B20C569640AD384C4242646F2202C92D@CTDC01.crc.localnet> >>>>Brad Beckenhauer 24 February 2006 05:14 AM>>>> This shoudl work for you. Create this file "MaximumAttachmentSize.rules" in your "rules" directory and modify your MailScanner.conf as noted. # # File Location/Name: # %rules-dir%/MaximumAttachmentSize.rules # # This is where you can build a ruleslist # that allows you to specify attachment size limits in bytes # # In MailScanner.conf change: # "Maximum Attachment Size = -1" # to # "Maximum Attachment Size = %rules-dir%/MaximumAttachmentSize.rules" # # Example values, adjust as needed # 1k = 1024 bytes # 10k = 10240 bytes # 100K = 102400 bytes # 1MB = 1024000 bytes # 10MB = 10240000 bytes # 100MB = 102400000 bytes # 250MB = 256000000 bytes # 500MB = 512000000 bytes # 1GB = 1024000000 bytes # # Size limits and Default should be smaller than the partition # where they are temporarily stored. ;-) # # Set addresses/domains to be limited as follows: # Direction Pattern Size Limit # From: user@good.domain.com 1024000 # Limit FROM specified user to 1MB # From: *@friendly.domain.com 10240000 # Limit FROM specified domain to 10MB # From: 123.234.567.2 1024000 # Limit FROM IP address to 1MB # From: 123.234. 1024000 # Limit FROM IP range to 1MB # From: /^192\.168\.13[4567]\./ 1024000 # Limit FROM IP range to 1MB # To: abc@xyz.com 0 # No Attachments allowed TO this user # To: *@yahoo.com 1024000 # Limit all TO this Domain to 1MB # To: user1@your.domain 102400 # Limit FROM specified user to 10Kbytes To: user2@your.domain 1024000 # Limit FROM specified user to 1MB To: user3@your.domain 10240000 # Limit FROM specified user to 10MB FromOrTo: default -1 # Default, No attachment Size Checking ------------------- Hi All, I have done some more testing. I have set: Maximum Attachment Size = 0 to stop all attachments from being delivered this has no impact at all. I have tested this configuration on two different mailscanner installations and both do the same. Obviously there must be something wrong with my config somewhere as it is not reading the Maximum Attachment Size = 0 directive. The attachments pass through with no problem. I would assume it is not taking the configuration, or I have not set something else. Would there be anything else I would have to set in the MailScanner.conf file besides Maximum Attachment Size = 0 ? thanks again for all the help Doron ________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Doron Shmaryahu Sent: Friday, February 24, 2006 8:06 AM To: MailScanner discussion Subject: RE: MailScanner per user mail size limit Hi, thanks for response. I have done as suggested below. I changed the line to read:Maximum Attachment Size = /usr/local/etc/MailScanner/rules/MaximumAttachmentSize.rules I created a rule file contaiining the following: From: doron@crc.co.za 1024 FromOrTo: default -1 so in theory that should block anything from me bigger than 1k. I have also restarted MailScanner but it does not block it nothing. I have sent a couple of attachments above 200k but still nothing. I turned Debug = yes so i could check for errors and nothing. I see the correct size reporting from sendmal from=, size=317660. Is there anything else I am missing ? thanks again Doron ________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Brad Beckenhauer Sent: 24 February 2006 05:14 AM To: MailScanner discussion Subject: Re: MailScanner per user mail size limit >>> Doron Shmaryahu 2/23/2006 4:22:49 PM >>> Hi, I have MailScanner 4.50.15 running on a FreeBSD 4.11 machine. All is working perfectly. I have read through the docs on creating per user mail limits but until now I have still not been able to make it work. I would like the rule file to control mail size limits for each user. Are there any problems with this ? Could someone provide me a example rule file or any hints/docs would be appreciated. Thanks in advance Doron -- This shoudl work for you. Create this file "MaximumAttachmentSize.rules" in your "rules" directory and modify your MailScanner.conf as noted. # # File Location/Name: # %rules-dir%/MaximumAttachmentSize.rules # # This is where you can build a ruleslist # that allows you to specify attachment size limits in bytes # # In MailScanner.conf change: # "Maximum Attachment Size = -1" # to # "Maximum Attachment Size = %rules-dir%/MaximumAttachmentSize.rules" # # Example values, adjust as needed # 1k = 1024 bytes # 10k = 10240 bytes # 100K = 102400 bytes # 1MB = 1024000 bytes # 10MB = 10240000 bytes # 100MB = 102400000 bytes # 250MB = 256000000 bytes # 500MB = 512000000 bytes # 1GB = 1024000000 bytes # # Size limits and Default should be smaller than the partition # where they are temporarily stored. ;-) # # Set addresses/domains to be limited as follows: # Direction Pattern Size Limit # From: user@good.domain.com 1024000 # Limit FROM specified user to 1MB # From: *@friendly.domain.com 10240000 # Limit FROM specified domain to 10MB # From: 123.234.567.2 1024000 # Limit FROM IP address to 1MB # From: 123.234. 1024000 # Limit FROM IP range to 1MB # From: /^192\.168\.13[4567]\./ 1024000 # Limit FROM IP range to 1MB # To: abc@xyz.com 0 # No Attachments allowed TO this user # To: *@yahoo.com 1024000 # Limit all TO this Domain to 1MB # To: user1@your.domain 102400 # Limit FROM specified user to 10Kbytes To: user2@your.domain 1024000 # Limit FROM specified user to 1MB To: user3@your.domain 10240000 # Limit FROM specified user to 10MB FromOrTo: default -1 # Default, No attachment Size Checking. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060224/c2a3bdcd/attachment.html From P.G.M.Peters at utwente.nl Fri Feb 24 08:50:57 2006 From: P.G.M.Peters at utwente.nl (Peter Peters) Date: Fri Feb 24 08:51:02 2006 Subject: Beta 4.51.2: "Use TNEF Contents" In-Reply-To: <43FE26D4.2070600@ecs.soton.ac.uk> References: <43FE26D4.2070600@ecs.soton.ac.uk> Message-ID: <43FEC8F1.6080406@utwente.nl> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Julian Field wrote on 23-2-2006 22:19: > Download 4.51.2 from www.mailscanner.info as usual. I did and upgraded from 4.50.8. When I used --lint I got an error but when I started MS it worked like it should (at least it looks like it). This is the relevant part of the --lint: mail@netlx094:/etc/MailScanner> /usr/sbin/MailScanner -lint Read 701 hostnames from the phishing whitelist Cannot write pid file , No such file or directory at /usr/sbin/MailScanner line 1238 MailScanner setting GID to (12) MailScanner setting UID to (8) - -- Peter Peters, senior beheerder (Security) Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE) Universiteit Twente, Postbus 217, 7500 AE Enschede telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/itbe -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFD/sjxelLo80lrIdIRAmBQAKCbiOcUOmMM537GNpGO0WniII6KtgCfbCAI ymf8RnCP/Je3zPgpxfUF5QM= =aUnd -----END PGP SIGNATURE----- From carinus.carelse at mrc.ac.za Fri Feb 24 09:25:43 2006 From: carinus.carelse at mrc.ac.za (carinus.carelse@mrc.ac.za) Date: Fri Feb 24 09:26:01 2006 Subject: MailScanner per user mail size limit In-Reply-To: <736056B20C569640AD384C4242646F2205EEF0@CTDC01.crc.localnet> Message-ID: Try some Permutation of the following I think this might work. Not sure tho. From: doron@crc.co.za 1024 Yes FromOrTo: default -1 No Carinus "Doron Shmaryahu" Sent by: mailscanner-bounces@lists.mailscanner.info 2006/02/24 08:05 Please respond to MailScanner discussion To "MailScanner discussion" cc Subject RE: MailScanner per user mail size limit Hi, thanks for response. I have done as suggested below. I changed the line to read:Maximum Attachment Size = /usr/local/etc/MailScanner/rules/MaximumAttachmentSize.rules I created a rule file contaiining the following: From: doron@crc.co.za 1024 FromOrTo: default -1 so in theory that should block anything from me bigger than 1k. I have also restarted MailScanner but it does not block it nothing. I have sent a couple of attachments above 200k but still nothing. I turned Debug = yes so i could check for errors and nothing. I see the correct size reporting from sendmal from=, size=317660. Is there anything else I am missing ? thanks again Doron From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Brad Beckenhauer Sent: 24 February 2006 05:14 AM To: MailScanner discussion Subject: Re: MailScanner per user mail size limit >>> Doron Shmaryahu 2/23/2006 4:22:49 PM >>> Hi, I have MailScanner 4.50.15 running on a FreeBSD 4.11 machine. All is working perfectly. I have read through the docs on creating per user mail limits but until now I have still not been able to make it work. I would like the rule file to control mail size limits for each user. Are there any problems with this ? Could someone provide me a example rule file or any hints/docs would be appreciated. Thanks in advance Doron -- This shoudl work for you. Create this file "MaximumAttachmentSize.rules" in your "rules" directory and modify your MailScanner.conf as noted. # # File Location/Name: # %rules-dir%/MaximumAttachmentSize.rules # # This is where you can build a ruleslist # that allows you to specify attachment size limits in bytes # # In MailScanner.conf change: # "Maximum Attachment Size = -1" # to # "Maximum Attachment Size = %rules-dir%/MaximumAttachmentSize.rules" # # Example values, adjust as needed # 1k = 1024 bytes # 10k = 10240 bytes # 100K = 102400 bytes # 1MB = 1024000 bytes # 10MB = 10240000 bytes # 100MB = 102400000 bytes # 250MB = 256000000 bytes # 500MB = 512000000 bytes # 1GB = 1024000000 bytes # # Size limits and Default should be smaller than the partition # where they are temporarily stored. ;-) # # Set addresses/domains to be limited as follows: # Direction Pattern Size Limit # From: user@good.domain.com 1024000 # Limit FROM specified user to 1MB # From: *@friendly.domain.com 10240000 # Limit FROM specified domain to 10MB # From: 123.234.567.2 1024000 # Limit FROM IP address to 1MB # From: 123.234. 1024000 # Limit FROM IP range to 1MB # From: /^192\.168\.13[4567]\./ 1024000 # Limit FROM IP range to 1MB # To: abc@xyz.com 0 # No Attachments allowed TO this user # To: *@yahoo.com 1024000 # Limit all TO this Domain to 1MB # To: user1@your.domain 102400 # Limit FROM specified user to 10Kbytes To: user2@your.domain 1024000 # Limit FROM specified user to 1MB To: user3@your.domain 10240000 # Limit FROM specified user to 10MB FromOrTo: default -1 # Default, No attachment Size Checking. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This e-mail and its contents are subject to the South African Medical Research Council e-mail legal notice available at http://www.mrc.ac.za/about/EmailLegalNotice.htm -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060224/1d911fd1/attachment.html From prandal at herefordshire.gov.uk Fri Feb 24 10:42:48 2006 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Fri Feb 24 10:43:30 2006 Subject: MailScanner Ports ? Message-ID: <86144ED6CE5B004DA23E1EAC0B569B580B5DD16F@isabella.herefordshire.gov.uk> Razor: 7/tcp and 2703/tcp (outgoing) Pyzor: 24441/udp (outgoing) DCC: 6277/udp (outgoing) ntp: 123/udp (outgoing) (you do want the server time to be correct, don't you?) ssh: 22/tcp (incoming) smtp: 25/tcp (in and out and shake it all about) dns: 53/tcp and 53/udp (outgoing) (you need both) http: 80/tcp (outgoing) used by freshclam (and incoming if you run mailwatch) Cheers, Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK ________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of spart cus Sent: 24 February 2006 00:22 To: MailScanner Cc: jcb@dreamvsat.ph Subject: MailScanner Ports ? Hi guys, im securing my mail server.Just want to ask what port does MS uses ? Like for updating viruses(CLamAV) and spamlists (SpamAssassin). I already open ports 25; and 110, what else ? tnx ________________________________ Yahoo! Mail Use Photomail to share photos without annoying attachments. From andoni.auzmendi at robertwalters.com Fri Feb 24 11:45:45 2006 From: andoni.auzmendi at robertwalters.com (Andoni Auzmendi) Date: Fri Feb 24 11:46:29 2006 Subject: MailScanner Ports ? Message-ID: <1A8B0BB098059B42BCFF0EB7E2E62FD06F600B@PAT.internal.robertwalters.com> 53/tcp is used for zones transfers among dns servers. Hence you only need 53/tcp if dns server is running on it and it is either a master or slave server. 53/tcp is not needed for caching only dns servers. If the MS box is not running a dns server you will need 53/udp incoming only. Master or Slave DNS: 53/tcp in/out, 53/udp in/out Caching DNS: 53/udp in, (out if any other box uses this dns). No DNS: 53/udp in Andoni -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Randal, Phil Sent: 24 February 2006 10:43 To: MailScanner discussion Subject: RE: MailScanner Ports ? Razor: 7/tcp and 2703/tcp (outgoing) Pyzor: 24441/udp (outgoing) DCC: 6277/udp (outgoing) ntp: 123/udp (outgoing) (you do want the server time to be correct, don't you?) ssh: 22/tcp (incoming) smtp: 25/tcp (in and out and shake it all about) dns: 53/tcp and 53/udp (outgoing) (you need both) http: 80/tcp (outgoing) used by freshclam (and incoming if you run mailwatch) Cheers, Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK ________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of spart cus Sent: 24 February 2006 00:22 To: MailScanner Cc: jcb@dreamvsat.ph Subject: MailScanner Ports ? Hi guys, im securing my mail server.Just want to ask what port does MS uses ? Like for updating viruses(CLamAV) and spamlists (SpamAssassin). I already open ports 25; and 110, what else ? tnx ________________________________ Yahoo! Mail Use Photomail to share photos without annoying attachments. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses. www.mimesweeper.com ********************************************************************** From MailScanner at ecs.soton.ac.uk Fri Feb 24 12:10:20 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Feb 24 12:10:39 2006 Subject: MailScanner Ports ? In-Reply-To: <86144ED6CE5B004DA23E1EAC0B569B580B5DD16F@isabella.herefordshire.gov.uk> References: <86144ED6CE5B004DA23E1EAC0B569B580B5DD16F@isabella.herefordshire.gov.uk> Message-ID: <56DA4619-27B6-4934-A7A2-6992F0A13B5B@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Is this in the wiki? If not, please can you add it! On 24 Feb 2006, at 10:42, Randal, Phil wrote: > Razor: 7/tcp and 2703/tcp (outgoing) > > Pyzor: 24441/udp (outgoing) > > DCC: 6277/udp (outgoing) > > ntp: 123/udp (outgoing) (you do want the server time to be > correct, don't you?) > > ssh: 22/tcp (incoming) > > smtp: 25/tcp (in and out and shake it all about) > > dns: 53/tcp and 53/udp (outgoing) (you need both) > > http: 80/tcp (outgoing) used by freshclam (and incoming if > you run mailwatch) > > Cheers, > > Phil > > ---- > Phil Randal > Network Engineer > Herefordshire Council > Hereford, UK > > > > > ________________________________ > > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of spart > cus > Sent: 24 February 2006 00:22 > To: MailScanner > Cc: jcb@dreamvsat.ph > Subject: MailScanner Ports ? > > > Hi guys, > im securing my mail server.Just want to ask what port does MS > uses ? Like for updating viruses(CLamAV) and spamlists > (SpamAssassin). I > already open ports 25; and 110, what else ? > tnx > > > > > ________________________________ > > Yahoo! Mail > Use Photomail > photomail > .mail.yahoo.com> to share photos without annoying attachments. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQEVAwUBQ/73rvw32o+k+q+hAQEviQf/eBr1kwi7eO6qLyV3xbNgcm2/etTa4tze n/C4WRdzGFE07jLyp3T7vt9FqRXJqaU1Zra5vlJbTN7cP1SC2AGHvRy47ZUZRGSW UItMBw9onbFmh+aC1KbWb+2IlqSPMOWd3bHCfgJi2E/BOM3qMa0MlSCOn1spLuDz RhCppYeY/LU9Qj4hHr9lflwa1QIcbreXN2GgEkipiQFlyW3V/jL6BVB58d7R7Fxb BhCQI7/e4DGHDr1ccZ2mo0D6TcJisPqtEp8M8QVTclDKpMCTT36NeiF4DomVK8iW CoeQiP1G45aMR71xWR+H+1I2zOoVXiSEDxZlZfZ1FJ+6GPtYw1H6rg== =Qcnh -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From prandal at herefordshire.gov.uk Fri Feb 24 13:06:38 2006 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Fri Feb 24 13:06:54 2006 Subject: MailScanner Ports ? Message-ID: <86144ED6CE5B004DA23E1EAC0B569B580B5DD18E@isabella.herefordshire.gov.uk> Wrong!!!!!!!!!!!!!!!! If a DNS reply can't fit into a single udp packet then 53/tcp is needed too. And as you're not in charge of the big bad world out there, it's not something you can decide a priori. This hit a lot of MailScanner users a while back when ClamAV had a lot of A records for their database servers. So I stand by what I said. For proper functioning of DNS, TCP and UDP ports 53 are needed. Cheers, Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Andoni Auzmendi > Sent: 24 February 2006 11:46 > To: MailScanner discussion > Subject: RE: MailScanner Ports ? > > 53/tcp is used for zones transfers among dns servers. > > Hence you only need 53/tcp if dns server is running on it and > it is either a master or slave server. 53/tcp is not needed > for caching only dns servers. > > If the MS box is not running a dns server you will need > 53/udp incoming only. > > Master or Slave DNS: 53/tcp in/out, 53/udp in/out Caching > DNS: 53/udp in, (out if any other box uses this dns). > No DNS: 53/udp in > > Andoni > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Randal, Phil > Sent: 24 February 2006 10:43 > To: MailScanner discussion > Subject: RE: MailScanner Ports ? > > Razor: 7/tcp and 2703/tcp (outgoing) > > Pyzor: 24441/udp (outgoing) > > DCC: 6277/udp (outgoing) > > ntp: 123/udp (outgoing) (you do want the server time to be > correct, don't you?) > > ssh: 22/tcp (incoming) > > smtp: 25/tcp (in and out and shake it all about) > > dns: 53/tcp and 53/udp (outgoing) (you need both) > > http: 80/tcp (outgoing) used by freshclam (and incoming if > you run mailwatch) > > Cheers, > > Phil > > ---- > Phil Randal > Network Engineer > Herefordshire Council > Hereford, UK > > > > > ________________________________ > > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of spart cus > Sent: 24 February 2006 00:22 > To: MailScanner > Cc: jcb@dreamvsat.ph > Subject: MailScanner Ports ? > > > Hi guys, > im securing my mail server.Just want to ask what port > does MS uses ? Like for updating viruses(CLamAV) and > spamlists (SpamAssassin). I already open ports 25; and 110, > what else ? > tnx > > > > > ________________________________ > > Yahoo! Mail > Use Photomail > /photomail > .mail.yahoo.com> to share photos without annoying attachments. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > ********************************************************************** > This email and any files transmitted with it are confidential > and intended solely for the use of the individual or entity > to whom they are addressed. If you have received this email > in error please notify the system manager. > > This footnote also confirms that this email message has been > swept by MIMEsweeper for the presence of computer viruses. > > www.mimesweeper.com > ********************************************************************** > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From prandal at herefordshire.gov.uk Fri Feb 24 13:10:49 2006 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Fri Feb 24 13:11:00 2006 Subject: MailScanner Ports ? Message-ID: <86144ED6CE5B004DA23E1EAC0B569B580B5DD18F@isabella.herefordshire.gov.uk> We've got no power here at the moment (apart from our comms room) so I'll have to look at it when I'm on a PC whith a proper keyboard and mouse and not this laptop :-) Cheers, Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Julian Field > Sent: 24 February 2006 12:10 > To: MailScanner discussion > Subject: Re: MailScanner Ports ? > > -----BEGIN PGP SIGNED MESSAGE----- > > Is this in the wiki? If not, please can you add it! > > On 24 Feb 2006, at 10:42, Randal, Phil wrote: > > > Razor: 7/tcp and 2703/tcp (outgoing) > > > > Pyzor: 24441/udp (outgoing) > > > > DCC: 6277/udp (outgoing) > > > > ntp: 123/udp (outgoing) (you do want the > server time to be > > correct, don't you?) > > > > ssh: 22/tcp (incoming) > > > > smtp: 25/tcp (in and out and shake it all about) > > > > dns: 53/tcp and 53/udp (outgoing) (you need both) > > > > http: 80/tcp (outgoing) used by freshclam > (and incoming if > > you run mailwatch) > > > > Cheers, > > > > Phil > > > > ---- > > Phil Randal > > Network Engineer > > Herefordshire Council > > Hereford, UK > > > > > > > > > > ________________________________ > > > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info] On > Behalf Of spart > > cus > > Sent: 24 February 2006 00:22 > > To: MailScanner > > Cc: jcb@dreamvsat.ph > > Subject: MailScanner Ports ? > > > > > > Hi guys, > > im securing my mail server.Just want to ask what port > does MS uses ? > > Like for updating viruses(CLamAV) and spamlists (SpamAssassin). I > > already open ports 25; and 110, what else ? > > tnx > > > > > > > > > > ________________________________ > > > > Yahoo! Mail > > Use Photomail > > > photomail > > .mail.yahoo.com> to share photos without annoying attachments. > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store PGP > footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.5 (Build 5050) > > iQEVAwUBQ/73rvw32o+k+q+hAQEviQf/eBr1kwi7eO6qLyV3xbNgcm2/etTa4tze > n/C4WRdzGFE07jLyp3T7vt9FqRXJqaU1Zra5vlJbTN7cP1SC2AGHvRy47ZUZRGSW > UItMBw9onbFmh+aC1KbWb+2IlqSPMOWd3bHCfgJi2E/BOM3qMa0MlSCOn1spLuDz > RhCppYeY/LU9Qj4hHr9lflwa1QIcbreXN2GgEkipiQFlyW3V/jL6BVB58d7R7Fxb > BhCQI7/e4DGHDr1ccZ2mo0D6TcJisPqtEp8M8QVTclDKpMCTT36NeiF4DomVK8iW > CoeQiP1G45aMR71xWR+H+1I2zOoVXiSEDxZlZfZ1FJ+6GPtYw1H6rg== > =Qcnh > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From housey at sme-ecom.co.uk Fri Feb 24 13:11:11 2006 From: housey at sme-ecom.co.uk (Paul Houselander) Date: Fri Feb 24 13:11:18 2006 Subject: Ruleset Syntax Message-ID: Hi Ive set a ruleset as follows Scan Messages = %rules-dir%/scan.messages.rules In %rules-dir/scan.message.rules I have From: user@domain1.com and To: *@domain2.com no To: *@domain2.com yes FromOrTo: default no When im sending an email from user@domain1.com to anyone@domain2.com the message IS being scanned? Have I got the syntax wrong here? Thanks Paul From steve.swaney at fsl.com Fri Feb 24 13:23:38 2006 From: steve.swaney at fsl.com (Stephen Swaney) Date: Fri Feb 24 13:23:41 2006 Subject: MailScanner Ports ? In-Reply-To: <1A8B0BB098059B42BCFF0EB7E2E62FD06F600B@PAT.internal.robertwalters.com> Message-ID: <008901c63945$85d9d4d0$287ba8c0@office.fsl> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Andoni Auzmendi > Sent: Friday, February 24, 2006 6:46 AM > To: MailScanner discussion > Subject: RE: MailScanner Ports ? > > 53/tcp is used for zones transfers among dns servers. > > Hence you only need 53/tcp if dns server is running on it and it is > either a master or slave server. 53/tcp is not needed for caching only > dns servers. > > If the MS box is not running a dns server you will need 53/udp incoming > only. > > Master or Slave DNS: 53/tcp in/out, 53/udp in/out > Caching DNS: 53/udp in, (out if any other box uses this dns). > No DNS: 53/udp in > > Andoni > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Randal, > Phil > Sent: 24 February 2006 10:43 > To: MailScanner discussion > Subject: RE: MailScanner Ports ? > > Razor: 7/tcp and 2703/tcp (outgoing) According to the Razor site, port 7 is no longer used: "Outgoing TCP port 2703 (Razor2), only. Previous versions used TCP port 7 (echo), but this is no longer used." > > Pyzor: 24441/udp (outgoing) > > DCC: 6277/udp (outgoing) > > ntp: 123/udp (outgoing) (you do want the server time to be > correct, don't you?) > > ssh: 22/tcp (incoming) > > smtp: 25/tcp (in and out and shake it all about) > > dns: 53/tcp and 53/udp (outgoing) (you need both) > > http: 80/tcp (outgoing) used by freshclam (and incoming if > you run mailwatch) > > Cheers, > > Phil > > ---- > Phil Randal > Network Engineer > Herefordshire Council > Hereford, UK Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com From zichovsky at trul.cz Fri Feb 24 14:14:15 2006 From: zichovsky at trul.cz (Pavel Zichovsky) Date: Fri Feb 24 14:14:32 2006 Subject: OT Advice for server reinstalation Message-ID: <000f01c6394c$9b207090$1601a8c0@NBZICHOVSKY2> Hi There! My old RedHat 7 on server is comming to end of life, as some things are not working correctly (but vital services like mail server and MS are still runing OK) so I am preparing for clean neew OS install on same (old) hardware. HW is pretty old, it is PIII900 with 256MB RAM, SCSI HDDs on Mylex AcceleRAID 170 PCI RAID Controller (one RAID0 array) (Yes, I know that 256MB is low, but it realy was enough in our enviroment, swaping occured only in rare occasions.) I can't get new HW, have to use this one. I am asking for advice which Linux distribution and products to use. Distribution have to be completely free (fully downloadable from internet), must be rpm compatible (or other packaging system, but rpm is preffered), must support my old HW (with RAID card), must be "admin friendly" as I am not "big linux guru". Main Services which will be run on server (which are running also now) Sendmail POP3/IMAP (what to use here? Dovecot? Courrier? Something else?) Apache MailScanner SpamAssassin MailWatch Samba WebMin MySQL FireBird DHCP, DNS and firewall are running on other servers I am thinking of Fedora Core 4 distribution. But I am open for other suggestion from more knowlegeable people here. Thanks in advance for suggestions. With regards Pavel Zichovsky (zichovsky@trul) From support-lists at petdoctors.co.uk Fri Feb 24 14:18:08 2006 From: support-lists at petdoctors.co.uk (Nigel kendrick) Date: Fri Feb 24 14:18:35 2006 Subject: MailScanner Ports ? In-Reply-To: <008901c63945$85d9d4d0$287ba8c0@office.fsl> Message-ID: <02fa01c6394d$23f9b430$1465a8c0@support01> If any users are having to fight their way past their ISP's mail servers, (AOL springs to mind), you might need 587/TCP inbound open too. NK -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Stephen Swaney Sent: 24 February 2006 13:24 To: 'MailScanner discussion' Subject: RE: MailScanner Ports ? > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Andoni Auzmendi > Sent: Friday, February 24, 2006 6:46 AM > To: MailScanner discussion > Subject: RE: MailScanner Ports ? > > 53/tcp is used for zones transfers among dns servers. > > Hence you only need 53/tcp if dns server is running on it and it is > either a master or slave server. 53/tcp is not needed for caching only > dns servers. > > If the MS box is not running a dns server you will need 53/udp > incoming only. > > Master or Slave DNS: 53/tcp in/out, 53/udp in/out Caching DNS: 53/udp > in, (out if any other box uses this dns). > No DNS: 53/udp in > > Andoni > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of > Randal, Phil > Sent: 24 February 2006 10:43 > To: MailScanner discussion > Subject: RE: MailScanner Ports ? > > Razor: 7/tcp and 2703/tcp (outgoing) According to the Razor site, port 7 is no longer used: "Outgoing TCP port 2703 (Razor2), only. Previous versions used TCP port 7 (echo), but this is no longer used." > > Pyzor: 24441/udp (outgoing) > > DCC: 6277/udp (outgoing) > > ntp: 123/udp (outgoing) (you do want the server time to be > correct, don't you?) > > ssh: 22/tcp (incoming) > > smtp: 25/tcp (in and out and shake it all about) > > dns: 53/tcp and 53/udp (outgoing) (you need both) > > http: 80/tcp (outgoing) used by freshclam (and incoming if > you run mailwatch) > > Cheers, > > Phil > > ---- > Phil Randal > Network Engineer > Herefordshire Council > Hereford, UK Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From support-lists at petdoctors.co.uk Fri Feb 24 14:24:02 2006 From: support-lists at petdoctors.co.uk (Nigel kendrick) Date: Fri Feb 24 14:24:24 2006 Subject: OT Advice for server reinstalation In-Reply-To: <000f01c6394c$9b207090$1601a8c0@NBZICHOVSKY2> Message-ID: <02fc01c6394d$f5abf470$1465a8c0@support01> I'd skip Fedora and put CentOS top of the list - it's a generic recompile of Red Hat Advanced Server - I'm running it on 5 servers. www.centos.org NK -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Pavel Zichovsky Sent: 24 February 2006 14:14 To: mailscanner@lists.mailscanner.info Subject: OT Advice for server reinstalation Hi There! My old RedHat 7 on server is comming to end of life, as some things are not working correctly (but vital services like mail server and MS are still runing OK) so I am preparing for clean neew OS install on same (old) hardware. HW is pretty old, it is PIII900 with 256MB RAM, SCSI HDDs on Mylex AcceleRAID 170 PCI RAID Controller (one RAID0 array) (Yes, I know that 256MB is low, but it realy was enough in our enviroment, swaping occured only in rare occasions.) I can't get new HW, have to use this one. I am asking for advice which Linux distribution and products to use. Distribution have to be completely free (fully downloadable from internet), must be rpm compatible (or other packaging system, but rpm is preffered), must support my old HW (with RAID card), must be "admin friendly" as I am not "big linux guru". Main Services which will be run on server (which are running also now) Sendmail POP3/IMAP (what to use here? Dovecot? Courrier? Something else?) Apache MailScanner SpamAssassin MailWatch Samba WebMin MySQL FireBird DHCP, DNS and firewall are running on other servers I am thinking of Fedora Core 4 distribution. But I am open for other suggestion from more knowlegeable people here. Thanks in advance for suggestions. With regards Pavel Zichovsky (zichovsky@trul) -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From shuttlebox at gmail.com Fri Feb 24 14:25:42 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Fri Feb 24 14:25:45 2006 Subject: OT Advice for server reinstalation In-Reply-To: <000f01c6394c$9b207090$1601a8c0@NBZICHOVSKY2> References: <000f01c6394c$9b207090$1601a8c0@NBZICHOVSKY2> Message-ID: <625385e30602240625ubba195fja99afb68ae6e4653@mail.gmail.com> On 2/24/06, Pavel Zichovsky wrote: > > I am thinking of Fedora Core 4 distribution. But I am open for other > suggestion from more knowlegeable people here. > I run FC on several servers and have no problems with it. I add apt to it to allow easier management of packages. FC5 is just around the corner by the way. -- /peter -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060224/89645254/attachment.html From support-lists at petdoctors.co.uk Fri Feb 24 14:25:51 2006 From: support-lists at petdoctors.co.uk (Nigel kendrick) Date: Fri Feb 24 14:26:19 2006 Subject: MailScanner Ports ? In-Reply-To: <02fa01c6394d$23f9b430$1465a8c0@support01> Message-ID: <02fd01c6394e$382fd910$1465a8c0@support01> Oops - make that 587 in/out. NK -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Nigel kendrick Sent: 24 February 2006 14:18 To: 'MailScanner discussion' Subject: RE: MailScanner Ports ? If any users are having to fight their way past their ISP's mail servers, (AOL springs to mind), you might need 587/TCP inbound open too. NK From MailScanner at ecs.soton.ac.uk Fri Feb 24 14:26:28 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Feb 24 14:26:36 2006 Subject: Ruleset Syntax In-Reply-To: References: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On 24 Feb 2006, at 13:11, Paul Houselander wrote: > Hi > > Ive set a ruleset as follows > > Scan Messages = %rules-dir%/scan.messages.rules > > In %rules-dir/scan.message.rules I have > > From: user@domain1.com and To: *@domain2.com no > To: *@domain2.com yes > FromOrTo: default no > > When im sending an email from user@domain1.com to > anyone@domain2.com the > message IS being scanned? > > Have I got the syntax wrong here? Looks like the Scan Messages setting is an "all matches" rule. If any rule for this option says "yes" then the message will be scanned. What you are looking for is a "first match" rule so that it stops searching the rules after the first hit and uses that setting. I went for "all matches" for this one on the basis that you normally want to tend towards scanning the message if any of the recipients match a rule that says yes. You only want to _not_ scan it if all the rules say no. If you are prepared to apply a quick patch, edit /usr/lib/MailScanner/ MailScanner/ConfigDefs.pl. Find the line that starts with "ScanMail" and move it from the [All,YesNo] section into the [First,YesNo] section. Then restart MailScanner. "ScanMail" is the internal name I used when implementing the code for the setting that eventually got called "Scan Messages"; there is an internal to external translation table at the top of that file. Having a feature like being able to break out of a ruleset if a rule matched would be helpful in situations like this, but I hate playing with the configuration compiler. It works very well and is roughly 3000 lines of complicated code. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQEVAwUBQ/8Xlfw32o+k+q+hAQHkygf/VHaYwgSCaKW0ti7jSJmAhQeUIQI6lIaw mOigmVkB/w0CVvoG1PaWoQFupnVQAZ2dOgT+oeXjPRYZQDkoVoVdpwjpvIeDB9cN Wico3GTvvwd1Zwl9ICAyuKFIU1+wX+Mz5z0SIT4+qLXdptFWzdC3O3J8ch4bG54g TQkdkCKuSJg+szMjubxJWZM1BZwPBCk2OlWDWdrpjNVGBxmthWUgNHNv+Q4fhku5 ZXlMRuJ/nC+2G9C/aKIiKwZvE6lpHgxGEY63qRNqbGcrEVgOtl1bRK1EFZ6RT48t 8VombOPUDGcx5TnAE9TVBu35jJ7qdxjhPD1v7g7iQ/qtxGX6p3rjFg== =Srk8 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From tjones at isthmus.com Fri Feb 24 14:30:16 2006 From: tjones at isthmus.com (Thom Jones) Date: Fri Feb 24 14:33:18 2006 Subject: OT Advice for server reinstalation In-Reply-To: <000f01c6394c$9b207090$1601a8c0@NBZICHOVSKY2> Message-ID: <200602241433.k1OEX3Q2022501@mail.isthmus.com> I've had very good luck with CentOS (www.centos.org). Essentially, it is a RedHat clone. I'm running it on similar hardware (512Mb, though) and it works great. Security updates notifications are fairly automated with up2date although I haven't been totally satisfied with some of the package releases (supplied php version is still 4.3.9) but that can be gotten around, obviously, with doing your own builds. > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Pavel Zichovsky > Sent: Friday, February 24, 2006 8:14 AM > To: mailscanner@lists.mailscanner.info > Subject: OT Advice for server reinstalation > > Hi There! > > My old RedHat 7 on server is comming to end of life, as some > things are not working correctly (but vital services like > mail server and MS are still runing OK) so I am preparing for > clean neew OS install on same (old) hardware. > > HW is pretty old, it is PIII900 with 256MB RAM, SCSI HDDs on > Mylex AcceleRAID 170 PCI RAID Controller (one RAID0 array) > (Yes, I know that 256MB is low, but it realy was enough in > our enviroment, swaping occured only in rare occasions.) I > can't get new HW, have to use this one. > > I am asking for advice which Linux distribution and products to use. > > Distribution have to be completely free (fully downloadable > from internet), must be rpm compatible (or other packaging > system, but rpm is preffered), must support my old HW (with > RAID card), must be "admin friendly" as I am not "big linux guru". > > Main Services which will be run on server (which are running > also now) Sendmail POP3/IMAP (what to use here? Dovecot? > Courrier? Something else?) Apache MailScanner SpamAssassin > MailWatch Samba WebMin MySQL FireBird > > DHCP, DNS and firewall are running on other servers > > I am thinking of Fedora Core 4 distribution. But I am open > for other suggestion from more knowlegeable people here. > > Thanks in advance for suggestions. > > With regards > Pavel Zichovsky (zichovsky@trul) > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From MailScanner at ecs.soton.ac.uk Fri Feb 24 14:33:27 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Feb 24 14:33:37 2006 Subject: OT Advice for server reinstalation In-Reply-To: <000f01c6394c$9b207090$1601a8c0@NBZICHOVSKY2> References: <000f01c6394c$9b207090$1601a8c0@NBZICHOVSKY2> Message-ID: <9F474D86-4E0D-444C-94B7-22BD6E4CA866@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- On 24 Feb 2006, at 14:14, Pavel Zichovsky wrote: > Hi There! > > My old RedHat 7 on server is comming to end of life, as some things > are not working correctly (but vital services like mail server > and MS are still runing OK) so I am preparing for clean neew OS > install on same (old) hardware. > > HW is pretty old, it is PIII900 with 256MB RAM, SCSI HDDs on Mylex > AcceleRAID 170 PCI RAID Controller (one RAID0 array) > (Yes, I know that 256MB is low, but it realy was enough in our > enviroment, swaping occured only in rare occasions.) I can't get new > HW, have to use this one. You're going to have to get used to it swapping. > > I am asking for advice which Linux distribution and products to use. > > Distribution have to be completely free (fully downloadable from > internet), > must be rpm compatible (or other packaging system, but rpm is > preffered), CentOS, Tao or Whitebox. They are basically clones of RedHat. Don't use Fedora, it is not intended for stable production use. > must support my old HW (with RAID card), > must be "admin friendly" as I am not "big linux guru". So ignore Debian and Debian-based systems such as Ubuntu. > > Main Services which will be run on server (which are running also now) > Sendmail > POP3/IMAP (what to use here? Dovecot? Courrier? Something else?) I prefer Cyrus. It's very reliable, low load, works like a dream. > Apache > MailScanner > SpamAssassin > MailWatch > Samba > WebMin > MySQL > FireBird You are going to need a lot of swap space to run that lot with 256MB of ram! > > DHCP, DNS and firewall are running on other servers > > I am thinking of Fedora Core 4 distribution. But I am open for > other suggestion from more knowlegeable people here. Fedora is intended for hobbyist experimentation, it is not intended for production systems. A clone of RedHat Enterprise 4 (such as CentOS) would be better in my opinion. Be sure to turn off all the services you don't need, you want to run as little as possible. > > Thanks in advance for suggestions. > > With regards > Pavel Zichovsky (zichovsky@trul) > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQEVAwUBQ/8ZOvw32o+k+q+hAQFV9wf9HDDQ3Qt4EA5PQXTkjX3NcZI8DuJG/BV5 dfK7+VRQVd+CbzBajZubDVlEmkfOvKmCRfDUL9B2LfKoSVN7lVPm/ewejbDjEEgD eQas1ipPjEn9+fKx7b1Xg+AVIy+JIfX53QFMonCqueZtRgGVFE3Iq1EC6Be/MZ1I MAGnpT0XPX9L78nGOcCM/zadmaNOCEairxgELkw4heF84wTHO6sO/iX4w3v/dw2v Nacv11g94Z3qgRBAWmU35C8/LENg23oKtZvup86C6l+qRy2RnO6HF+dehMUUModG xTTO/QgOxvn7GtEkNWZVcbotRXpliOqe1Kp/CA/Ub/fL10J6pVhZ5A== =KST6 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From sean at nisd.net Thu Feb 23 23:26:32 2006 From: sean at nisd.net (Sean Embry) Date: Fri Feb 24 15:02:00 2006 Subject: MailScanner per user mail size limit Message-ID: >> doron@crc.co.za 2/23/2006 4:22:49 PM >>> Hi, I have MailScanner 4.50.15 running on a FreeBSD 4.11 machine. All is working perfectly. I have read through the docs on creating per user mail limits but until now I have still not been able to make it work. I would like the rule file to control mail size limits for each user. Are there any problems with this ? Could someone provide me a example rule file or any hints/docs would be appreciated. Thanks in advance Doron -->>>> Doron, Be aware that if you are also archiving the email, you'll get the whole email regardless of size held in the quarantine or queue. I have done this: Set a sendmail limit to the highest your users will be permitted. Then reduce that per user via the rule sets. You user still won't get the file, though it's in the quarantine or archive. Hope that helps. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060223/41d5220c/attachment.html From rick at cooper-home.com Fri Feb 24 13:39:17 2006 From: rick at cooper-home.com (Rick Cooper) Date: Fri Feb 24 15:02:05 2006 Subject: Beta 4.51.2: "Use TNEF Contents" In-Reply-To: <43FE2D80.8020409@ecs.soton.ac.uk> Message-ID: > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Julian > Field > Sent: Thursday, February 23, 2006 4:48 PM > To: MailScanner discussion > Subject: Re: Beta 4.51.2: "Use TNEF Contents" > > [...] Julian, -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From support-lists at petdoctors.co.uk Fri Feb 24 15:08:26 2006 From: support-lists at petdoctors.co.uk (Nigel kendrick) Date: Fri Feb 24 15:09:04 2006 Subject: OT Advice for server reinstalation In-Reply-To: <9F474D86-4E0D-444C-94B7-22BD6E4CA866@ecs.soton.ac.uk> Message-ID: <000c01c63954$2c508b70$1465a8c0@support01> -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: 24 February 2006 14:33 To: MailScanner discussion Subject: Re: OT Advice for server reinstalation -----BEGIN PGP SIGNED MESSAGE----- On 24 Feb 2006, at 14:14, Pavel Zichovsky wrote: > Hi There! > > My old RedHat 7 on server is comming to end of life, as some things > are not working correctly (but vital services like mail server and MS > are still runing OK) so I am preparing for clean neew OS install on > same (old) hardware. > > HW is pretty old, it is PIII900 with 256MB RAM, SCSI HDDs on Mylex > AcceleRAID 170 PCI RAID Controller (one RAID0 array) (Yes, I know that > 256MB is low, but it realy was enough in our enviroment, swaping > occured only in rare occasions.) I can't get new HW, have to use this > one. If you can't get the hardware because money is tight and you're in the UK, these machines are worth a look - certainly will give you a better spec than what you have. Build quality is acceptable and I have 10 of these (Sempron model) at one location - no failures in 8 months and counting and with your current hardware likely to have increasing end of life failures anyway!!?? I have one running as a Netware 6.5 server for a little-used legacy app and have also fired them up with CentOS and Windows Small Business Server 2000 for debugging and test installations. They are obviously not as engineered as, say, an HP Proliant but... eSys ePC Celeron-D 315 2.26GHz 256MB 40GB CD LAN LINUX + Open Office Software, includes Keyboard & Mouse ?127.64 (?149.98 inc VAT) Quickfind code: 89079 Forget the Linux that's supplied (SUSE I seem to recall) and download CentOS, bump up RAM to 512MB minimum + transplant your disk subsystem and it's a bargain!! www.ebuyer.com From evanderleun at hal9000.nl Fri Feb 24 15:33:05 2006 From: evanderleun at hal9000.nl (Erik van der Leun) Date: Fri Feb 24 15:33:16 2006 Subject: sophos passwd. protected xls files Message-ID: Hi, I'm having troubles with people sending password protected XLS files through our scanners. Sophos Sweep returns 'could not open...' and simply drops the email without any notification. Does anybody have experience with this? How can I resolve this? Kind regards, Erik van der Leun From martinh at solid-state-logic.com Fri Feb 24 15:37:42 2006 From: martinh at solid-state-logic.com (Martin Hepworth) Date: Fri Feb 24 15:37:51 2006 Subject: sophos passwd. protected xls files In-Reply-To: Message-ID: <001601c63958$40268790$3004010a@martinhlaptop> Erik Make sure the following setting is like this in MailScanner.conf... Allowed Sophos Error Messages = "corrupt", "format not supported", "File was encrypted", "The main body of virus data is out of date" -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Erik van der Leun > Sent: 24 February 2006 15:33 > To: MailScanner Mailinglist > Subject: sophos passwd. protected xls files > > Hi, > > I'm having troubles with people sending password protected XLS files > through our scanners. Sophos Sweep returns 'could not open...' and > simply drops the email without any notification. > > Does anybody have experience with this? > How can I resolve this? > > Kind regards, > Erik van der Leun > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** From rcooper at dwford.com Fri Feb 24 15:38:00 2006 From: rcooper at dwford.com (Rick Cooper) Date: Fri Feb 24 15:38:33 2006 Subject: Beta 4.51.2: "Use TNEF Contents" In-Reply-To: <43FE2D80.8020409@ecs.soton.ac.uk> Message-ID: > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Julian > Field > Sent: Thursday, February 23, 2006 4:48 PM > To: MailScanner discussion > Subject: Re: Beta 4.51.2: "Use TNEF Contents" > [...] Julian, If you send a rich text message with no body and Use TNEF is set to replace, MailScanner goes into a loop dying and restarting. I tracked the error down to EximDiskStore.pm line 375. I am not sure what is what there but the debug message is: read-open /var/spool/mailscanner/incoming/16938/1FCdDL-0003Ai-DQ/winmail.dat: No such file or directory at /usr/lib/perl5/site_perl/5.8.0/MIME/Body.pm line 435 Same with internal or external tnef parser. If you Change Use TNEF Contents to add then it will pass. As it stands it would be fairly easy to DOS MailScanner with an empty bodied rtf message. Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From prandal at herefordshire.gov.uk Fri Feb 24 15:48:39 2006 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Fri Feb 24 15:48:58 2006 Subject: OT Advice for server reinstalation Message-ID: <86144ED6CE5B004DA23E1EAC0B569B580B5DD1DE@isabella.herefordshire.gov.uk> The CentosPlus yum repo has php-5.0.4, so that's not such a big problem. I also use Dag Wieers' yum repo (for RHEL 4) with Centos 4.2 with no problems. Centos 4 support is until 2012, so it is a wise choice for enterprise boxes, though you could use the Fedora Legacy project to extend the life of your Fedora Core systems. I don't think it's at all wise installing an OS whose projected support timescale expires before your hardware is due for replacement. Looks at all those Windows 2000 boxes in our comms room and sighs... Cheers, Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Thom Jones > Sent: 24 February 2006 14:30 > To: 'MailScanner discussion' > Subject: RE: OT Advice for server reinstalation > > I've had very good luck with CentOS (www.centos.org). > Essentially, it is a RedHat clone. I'm running it on similar > hardware (512Mb, though) and it works great. Security > updates notifications are fairly automated with up2date > although I haven't been totally satisfied with some of the > package releases (supplied php version is still 4.3.9) but > that can be gotten around, obviously, with doing your own builds. > > > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info] On > Behalf Of Pavel > > Zichovsky > > Sent: Friday, February 24, 2006 8:14 AM > > To: mailscanner@lists.mailscanner.info > > Subject: OT Advice for server reinstalation > > > > Hi There! > > > > My old RedHat 7 on server is comming to end of life, as some things > > are not working correctly (but vital services like mail > server and MS > > are still runing OK) so I am preparing for clean neew OS install on > > same (old) hardware. > > > > HW is pretty old, it is PIII900 with 256MB RAM, SCSI HDDs on Mylex > > AcceleRAID 170 PCI RAID Controller (one RAID0 array) (Yes, > I know that > > 256MB is low, but it realy was enough in our enviroment, swaping > > occured only in rare occasions.) I can't get new HW, have > to use this > > one. > > > > I am asking for advice which Linux distribution and products to use. > > > > Distribution have to be completely free (fully downloadable from > > internet), must be rpm compatible (or other packaging > system, but rpm > > is preffered), must support my old HW (with RAID card), > must be "admin > > friendly" as I am not "big linux guru". > > > > Main Services which will be run on server (which are > running also now) > > Sendmail POP3/IMAP (what to use here? Dovecot? > > Courrier? Something else?) Apache MailScanner SpamAssassin > MailWatch > > Samba WebMin MySQL FireBird > > > > DHCP, DNS and firewall are running on other servers > > > > I am thinking of Fedora Core 4 distribution. But I am open > for other > > suggestion from more knowlegeable people here. > > > > Thanks in advance for suggestions. > > > > With regards > > Pavel Zichovsky (zichovsky@trul) > > > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From jaearick at colby.edu Fri Feb 24 15:57:00 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Fri Feb 24 15:57:11 2006 Subject: sophos passwd. protected xls files In-Reply-To: References: Message-ID: Been there, done that... Set the following option in MailScanner.conf: # allow encrypted Excel spreadsheets to pass thru Allowed Sophos Error Messages = "File was encrypted" My comment is included at no extra charge. I'm running 4.50.15 on Solaris, it should work with earlier versions. Jeff Earickson Colby College On Fri, 24 Feb 2006, Erik van der Leun wrote: > Date: Fri, 24 Feb 2006 16:33:05 +0100 (CET) > From: Erik van der Leun > Reply-To: MailScanner discussion > To: MailScanner Mailinglist > Subject: sophos passwd. protected xls files > > Hi, > > I'm having troubles with people sending password protected XLS files > through our scanners. Sophos Sweep returns 'could not open...' and > simply drops the email without any notification. > > Does anybody have experience with this? > How can I resolve this? > > Kind regards, > Erik van der Leun > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From evanderleun at hal9000.nl Fri Feb 24 16:03:24 2006 From: evanderleun at hal9000.nl (Erik van der Leun) Date: Fri Feb 24 16:03:40 2006 Subject: sophos passwd. protected xls files In-Reply-To: <001601c63958$40268790$3004010a@martinhlaptop> References: <001601c63958$40268790$3004010a@martinhlaptop> Message-ID: Thanks :) Had to made an extra addon to this line, but it works :) On Fri, 24 Feb 2006, Martin Hepworth wrote: > Erik > > Make sure the following setting is like this in MailScanner.conf... > > Allowed Sophos Error Messages = "corrupt", "format not supported", "File was > encrypted", "The main body of virus data is out of date" > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Erik van der Leun >> Sent: 24 February 2006 15:33 >> To: MailScanner Mailinglist >> Subject: sophos passwd. protected xls files >> >> Hi, >> >> I'm having troubles with people sending password protected XLS files >> through our scanners. Sophos Sweep returns 'could not open...' and >> simply drops the email without any notification. >> >> Does anybody have experience with this? >> How can I resolve this? >> >> Kind regards, >> Erik van der Leun >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From doron at crc.co.za Fri Feb 24 16:19:15 2006 From: doron at crc.co.za (Doron Shmaryahu) Date: Fri Feb 24 16:19:43 2006 Subject: MailScanner per user mail size limit Message-ID: <736056B20C569640AD384C4242646F2205EF16@CTDC01.crc.localnet> >>>Sean Embry>> Doron, Be aware that if you are also archiving the email, you'll get the whole email regardless of size held in the quarantine or queue. I have done this: Set a sendmail limit to the highest your users will be permitted. Then reduce that per user via the rule sets. You user still won't get the file, though it's in the quarantine or archive. Hope that helps. >>> Hi, no luck there either no archiving or quarantine happening on this server. thanks again for the advice. Doron ________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Sean Embry Sent: 24 February 2006 01:27 AM To: mailscanner@lists.mailscanner.info Subject: Re: MailScanner per user mail size limit >> doron@crc.co.za 2/23/2006 4:22:49 PM >>> Hi, I have MailScanner 4.50.15 running on a FreeBSD 4.11 machine. All is working perfectly. I have read through the docs on creating per user mail limits but until now I have still not been able to make it work. I would like the rule file to control mail size limits for each user. Are there any problems with this ? Could someone provide me a example rule file or any hints/docs would be appreciated. Thanks in advance Doron -->>>> Doron, Be aware that if you are also archiving the email, you'll get the whole email regardless of size held in the quarantine or queue. I have done this: Set a sendmail limit to the highest your users will be permitted. Then reduce that per user via the rule sets. You user still won't get the file, though it's in the quarantine or archive. Hope that helps. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060224/2b0d8682/attachment.html From MailScanner at ecs.soton.ac.uk Fri Feb 24 16:19:41 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Feb 24 16:19:51 2006 Subject: Beta 4.51.2: "Use TNEF Contents" In-Reply-To: References: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On 24 Feb 2006, at 15:38, Rick Cooper wrote: > > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of >> Julian >> Field >> Sent: Thursday, February 23, 2006 4:48 PM >> To: MailScanner discussion >> Subject: Re: Beta 4.51.2: "Use TNEF Contents" >> > [...] > > Julian, > > If you send a rich text message with no body and Use TNEF is set to > replace, > MailScanner goes into a loop dying and restarting. I tracked the > error down > to EximDiskStore.pm line 375. I am not sure what is what there but > the debug > message is: > > read-open > /var/spool/mailscanner/incoming/16938/1FCdDL-0003Ai-DQ/winmail.dat: > No such > file or directory at /usr/lib/perl5/site_perl/5.8.0/MIME/Body.pm > line 435 > > Same with internal or external tnef parser. If you Change Use TNEF > Contents > to add then it will pass. As it stands it would be fairly easy to DOS > MailScanner with an empty bodied rtf message. Well found, thankyou. This is why I have beta versions :-) Please try editing TNEF.pm (in /usr/lib/MailScanner/MailScanner). On line 275 you should see this: next if /^msg[\d-]+\.txt$/; Please try commenting out that line and try the test again. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQEVAwUBQ/8yH/w32o+k+q+hAQEctAf/ffmtpsu8e/bt5qpv/T4IOPjHBqJvHTdz kGYB84+oQAeC0gyqATCG/tVp5gYDIsrqRtzHxr6ESBva+PuSwM+X9VeyXD2u3vSU klOVALytcUwUNYBBxOHILYMAZSRVq09kZ7jDP6f0e8JgBaevp4XRJhg7aYb76ALZ hd/7476TDiDE9ApQwBqieLg86vZvT6RFhR1CtShoAinsorhamELyWux6qxYFcxRz C8knHGkTrC1ozpYrUkWh69fUZ9TPBfNNUIPUdOdeTrkQ7WE3T1rMh7t3/OY1eQ0J K092mnbPzcB6IHJlJrf+i+ysOrcCtBz2kDRr5jk4FB8/+2iShhtjeQ== =yE0Q -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From rcooper at dwford.com Fri Feb 24 16:30:19 2006 From: rcooper at dwford.com (Rick Cooper) Date: Fri Feb 24 16:30:42 2006 Subject: Beta 4.51.2: "Use TNEF Contents" In-Reply-To: Message-ID: > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Julian > Field > Sent: Friday, February 24, 2006 11:20 AM > To: MailScanner discussion > Subject: Re: Beta 4.51.2: "Use TNEF Contents" > > > -----BEGIN PGP SIGNED MESSAGE----- > > On 24 Feb 2006, at 15:38, Rick Cooper wrote: > > > > > >> -----Original Message----- > >> From: mailscanner-bounces@lists.mailscanner.info > >> [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of > >> Julian > >> Field > >> Sent: Thursday, February 23, 2006 4:48 PM > >> To: MailScanner discussion > >> Subject: Re: Beta 4.51.2: "Use TNEF Contents" > >> [...] > Well found, thankyou. This is why I have beta versions :-) > Please try editing TNEF.pm (in /usr/lib/MailScanner/MailScanner). > On line 275 you should see this: > next if /^msg[\d-]+\.txt$/; > Please try commenting out that line and try the test again. Nope, same error. Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Fri Feb 24 16:41:12 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Feb 24 16:41:25 2006 Subject: Beta 4.51.2: "Use TNEF Contents" In-Reply-To: References: Message-ID: <232E8EAB-87A3-42FA-B686-5A328B3A8F53@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- On 24 Feb 2006, at 16:19, Julian Field wrote: > * PGP Signed: 02/24/06 at 16:19:43 > > On 24 Feb 2006, at 15:38, Rick Cooper wrote: >> >> >>> -----Original Message----- >>> From: mailscanner-bounces@lists.mailscanner.info >>> [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of >>> Julian >>> Field >>> Sent: Thursday, February 23, 2006 4:48 PM >>> To: MailScanner discussion >>> Subject: Re: Beta 4.51.2: "Use TNEF Contents" >>> >> [...] >> >> Julian, >> >> If you send a rich text message with no body and Use TNEF is set >> to replace, >> MailScanner goes into a loop dying and restarting. I tracked the >> error down >> to EximDiskStore.pm line 375. I am not sure what is what there but >> the debug >> message is: >> >> read-open >> /var/spool/mailscanner/incoming/16938/1FCdDL-0003Ai-DQ/ >> winmail.dat: No such >> file or directory at /usr/lib/perl5/site_perl/5.8.0/MIME/Body.pm >> line 435 >> >> Same with internal or external tnef parser. If you Change Use TNEF >> Contents >> to add then it will pass. As it stands it would be fairly easy to DOS >> MailScanner with an empty bodied rtf message. > > Well found, thankyou. This is why I have beta versions :-) > Please try editing TNEF.pm (in /usr/lib/MailScanner/MailScanner). > On line 275 you should see this: > next if /^msg[\d-]+\.txt$/; > Please try commenting out that line and try the test again. And another change too: In Message.pm around line 1680 there will be some code that says this: # Now try the same on all the parts my(@parts, $part, @keep); @parts = $entity->parts; foreach $part (@parts) { push @keep, $part unless DeleteEntity($message, $part, $tnef) == 1; } $entity->parts(\@keep); After that, add this line: $entity->make_singlepart unless scalar(@keep); and try again. Hopefully both of these combined will help solve the problem. If you can see if this fixes the problem, I'll put it out in a new beta this weekend. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQEVAwUBQ/83Kfw32o+k+q+hAQFn+Af+Nb5dNgq3hTkI2n3QrjwuC+XCFjBL9CiI BIlWz8PEIXf2anVxsxD2YAhgjX+6Efuoa/I8juw6XoGg/0FYHpVy++i95uOoWN3H dr0MjJSuXvCUBEYq7IiXS1g+QP/syJwgMS8fCdwQUcNpUk8W+AD89N7v1SJnZyC2 TuUK0oTqNsk0MmPX6zndsryBmiG1nuFZjZ/+9K0K6v7/fw6u5jVyOSm8lJtKd1LH EAP/38TYEyNnUhMre0c1Nzc9Jw633ucg0Sj5IvELLwxZSB+it5qHKmgrkPmMc5dC 0USUUT/uFsjDpnB+RWB0mtzEmKJ5L+lpYP6uxhDi9T29BhaAtcBkLA== =tXw+ -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From zichovsky at trul.cz Fri Feb 24 16:49:56 2006 From: zichovsky at trul.cz (Pavel Zichovsky) Date: Fri Feb 24 16:49:59 2006 Subject: OT Advice for server reinstalation In-Reply-To: <9F474D86-4E0D-444C-94B7-22BD6E4CA866@ecs.soton.ac.uk> Message-ID: <001501c63962$58055300$f200a8c0@NBZICHOVSKY2> Hi there > > Main Services which will be run on server (which are > running also now) > > Sendmail POP3/IMAP (what to use here? Dovecot? Courrier? Something > > else?) > > I prefer Cyrus. It's very reliable, low load, works like a dream. > > > Apache > > MailScanner > > SpamAssassin > > MailWatch > > Samba > > WebMin > > MySQL > > FireBird > > You are going to need a lot of swap space to run that lot > with 256MB of ram! I do not want to argue, but that lot is runing also now, and vmstat says, that swapped is less then 8MB (7556kB), and even during longer period of vmstat runing are si and so columns still zero. But maybe I am interpreting some numbers wrong :-( I forgot mention that server is for only small group (15PCs) and with very low mail volume (about 200 to 300 mails per day), so load is realy low. With regards Pavel Zichovsky (zichovsky@trul) From rcooper at dwford.com Fri Feb 24 16:53:39 2006 From: rcooper at dwford.com (Rick Cooper) Date: Fri Feb 24 16:54:31 2006 Subject: Beta 4.51.2: "Use TNEF Contents" In-Reply-To: <232E8EAB-87A3-42FA-B686-5A328B3A8F53@ecs.soton.ac.uk> Message-ID: > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Julian > Field > Sent: Friday, February 24, 2006 11:41 AM > To: MailScanner discussion > Subject: Re: Beta 4.51.2: "Use TNEF Contents" > > [...] > > Well found, thankyou. This is why I have beta versions :-) > > Please try editing TNEF.pm (in /usr/lib/MailScanner/MailScanner). > > On line 275 you should see this: > > next if /^msg[\d-]+\.txt$/; > > Please try commenting out that line and try the test again. > > And another change too: > In Message.pm around line 1680 there will be some code that says this: > > # Now try the same on all the parts > my(@parts, $part, @keep); > @parts = $entity->parts; > foreach $part (@parts) { > push @keep, $part unless DeleteEntity($message, $part, $tnef) == 1; > } > $entity->parts(\@keep); > > After that, add this line: > $entity->make_singlepart unless scalar(@keep); > > and try again. > > Hopefully both of these combined will help solve the problem. > > If you can see if this fixes the problem, I'll put it out in a new > beta this weekend. Nope, still fails with same error Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Fri Feb 24 17:19:12 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Feb 24 17:19:23 2006 Subject: Beta 4.51.2: "Use TNEF Contents" In-Reply-To: References: Message-ID: <820E4CB9-B8C3-4AC0-B2B4-87A16F34E377@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- On 24 Feb 2006, at 16:53, Rick Cooper wrote: > > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of >> Julian >> Field >> Sent: Friday, February 24, 2006 11:41 AM >> To: MailScanner discussion >> Subject: Re: Beta 4.51.2: "Use TNEF Contents" >> >> > [...] >>> Well found, thankyou. This is why I have beta versions :-) >>> Please try editing TNEF.pm (in /usr/lib/MailScanner/MailScanner). >>> On line 275 you should see this: >>> next if /^msg[\d-]+\.txt$/; >>> Please try commenting out that line and try the test again. >> >> And another change too: >> In Message.pm around line 1680 there will be some code that says >> this: >> >> # Now try the same on all the parts >> my(@parts, $part, @keep); >> @parts = $entity->parts; >> foreach $part (@parts) { >> push @keep, $part unless DeleteEntity($message, $part, $tnef) >> == 1; >> } >> $entity->parts(\@keep); >> >> After that, add this line: >> $entity->make_singlepart unless scalar(@keep); >> >> and try again. >> >> Hopefully both of these combined will help solve the problem. >> >> If you can see if this fixes the problem, I'll put it out in a new >> beta this weekend. > > Nope, still fails with same error > My copy of Outlook won't reproduce the problem, certainly not with sendmail as the MTA. Please can you zip up the raw queue files of a message that shows the problem and send it to me at mailscanner@ecs.soton.ac.uk. Ideally I would like 1 totally empty message (no body or attachments) and 1 message with 1 attachment but no body. Both of those should exhibit the problem. Thanks. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQEVAwUBQ/9AEvw32o+k+q+hAQF17wgAs6B+Y2XbCCFPmrhGcxuyHz0AxjgnSgIY BO1crec3n8kL0EX5NK9ke9GwKLchohIDWllCSvRzcMdf0hDAiRHJUsuq8H4z4xNZ PhHgtAOh7JncYXf4HigsYFO1Xd/dyMSngwS6JkpXBfu0ur9wIsxaNHuTB7ZKbHaI Lnv7CA/8Hd0p49hPzGN6t7zG0j4YarAlYgnmJuFAs73cP4YH/atuR+6z2yzPSDKX KQqpOFIKZj1bkt9MDI52uEsAPzVk9H/xksDAIeojLvXlIZYvQqlGIMaug9uDGMIo kJctUank6GCgs/pKKSngNqkkhFohPE/3NosgX+uPP0K1MsbV/6JFiw== =nSJs -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From shrek-m at gmx.de Fri Feb 24 17:30:14 2006 From: shrek-m at gmx.de (shrek-m@gmx.de) Date: Fri Feb 24 17:30:21 2006 Subject: OT Advice for server reinstalation In-Reply-To: <001501c63962$58055300$f200a8c0@NBZICHOVSKY2> References: <001501c63962$58055300$f200a8c0@NBZICHOVSKY2> Message-ID: <43FF42A6.2020807@gmx.de> On 24.02.2006 17:49, Pavel Zichovsky wrote: >>>Apache >>>MailScanner >>>SpamAssassin >>>MailWatch >>>Samba >>>WebMin >>>MySQL >>>FireBird >>> >>> >>You are going to need a lot of swap space to run that lot >>with 256MB of ram! >> >> > >I do not want to argue, but that lot is runing also now, and vmstat says, that swapped is less then 8MB (7556kB), and even during >longer period of vmstat runing are si and so columns still zero. >But maybe I am interpreting some numbers wrong :-( >I forgot mention that server is for only small group (15PCs) and with very low mail volume (about 200 to 300 mails per day), so load >is realy low. > similiar to my fedora servers: 800 mhz, 128 mb ram 2 x 80 gb ide raid0 it is ok for 25 clients internet + mail + mysql i get no money for the linuxbox because all is ok - but thousands of euros are spent for m$-windows clients+servers i am not sure about your mylex raid controller search in the redhat/fedora archives, fedoralegacy or google. https://www.redhat.com/mailman/listinfo/ http://fedoralegacy.org/ -- shrek-m From MailScanner at ecs.soton.ac.uk Fri Feb 24 19:47:16 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Feb 24 19:47:24 2006 Subject: Beta 4.51.2: "Use TNEF Contents" In-Reply-To: <820E4CB9-B8C3-4AC0-B2B4-87A16F34E377@ecs.soton.ac.uk> References: <820E4CB9-B8C3-4AC0-B2B4-87A16F34E377@ecs.soton.ac.uk> Message-ID: <43FF62C4.1090706@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Can anyone generate 0-length bodies in TNEF messages? My Outlook 2003 won't do it, it always generates at least 1 blank line, which works fine. Julian Field wrote: > * PGP Signed by an unmatched address: 02/24/06 at 17:19:14 > > On 24 Feb 2006, at 16:53, Rick Cooper wrote: >> >> >>> -----Original Message----- >>> From: mailscanner-bounces@lists.mailscanner.info >>> [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Julian >>> Field >>> Sent: Friday, February 24, 2006 11:41 AM >>> To: MailScanner discussion >>> Subject: Re: Beta 4.51.2: "Use TNEF Contents" >>> >>> >> [...] >>>> Well found, thankyou. This is why I have beta versions :-) >>>> Please try editing TNEF.pm (in /usr/lib/MailScanner/MailScanner). >>>> On line 275 you should see this: >>>> next if /^msg[\d-]+\.txt$/; >>>> Please try commenting out that line and try the test again. >>> >>> And another change too: >>> In Message.pm around line 1680 there will be some code that says this: >>> >>> # Now try the same on all the parts >>> my(@parts, $part, @keep); >>> @parts = $entity->parts; >>> foreach $part (@parts) { >>> push @keep, $part unless DeleteEntity($message, $part, $tnef) >>> == 1; >>> } >>> $entity->parts(\@keep); >>> >>> After that, add this line: >>> $entity->make_singlepart unless scalar(@keep); >>> >>> and try again. >>> >>> Hopefully both of these combined will help solve the problem. >>> >>> If you can see if this fixes the problem, I'll put it out in a new >>> beta this weekend. >> >> Nope, still fails with same error >> > > My copy of Outlook won't reproduce the problem, certainly not with > sendmail as the MTA. > > Please can you zip up the raw queue files of a message that shows the > problem and send it to me at mailscanner@ecs.soton.ac.uk. > > Ideally I would like 1 totally empty message (no body or attachments) > and 1 message with 1 attachment but no body. Both of those should > exhibit the problem. > > Thanks. > > --Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > * WEBCENTRE > * 0xA4FAAFA1 (L) > > > --This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > --MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQA/AwUBQ/9ixRH2WUcUFbZUEQK+MACfaT6yZLPiqahxl4qKIynu6BlHO5EAn1hI NwOMYwyBEm5rHlVENtHfqFnj =l8a/ -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From rcooper at dwford.com Fri Feb 24 20:08:43 2006 From: rcooper at dwford.com (Rick Cooper) Date: Fri Feb 24 20:09:04 2006 Subject: Beta 4.51.2: "Use TNEF Contents" In-Reply-To: <43FF62C4.1090706@ecs.soton.ac.uk> Message-ID: > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Julian > Field > Sent: Friday, February 24, 2006 2:47 PM > To: MailScanner discussion > Subject: Re: Beta 4.51.2: "Use TNEF Contents" > > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Can anyone generate 0-length bodies in TNEF messages? My Outlook 2003 > won't do it, it always generates at least 1 blank line, which works fine. > > Julian Field wrote: I just sent you two tar files containing the raw queue files for a message with no body and one with one blank like (which as you said works). Sorry I had to leave for a couple of hours Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From hermit921 at yahoo.com Fri Feb 24 20:25:38 2006 From: hermit921 at yahoo.com (hermit921) Date: Fri Feb 24 20:25:08 2006 Subject: CLSID matching In-Reply-To: <43D7B4E9.3080601@ecs.soton.ac.uk> References: <43D7B0C6.4030009@pixelhammer.com> <43D7B4E9.3080601@ecs.soton.ac.uk> Message-ID: <6.2.1.2.2.20060224122329.0319fed0@pop.mail.yahoo.com> I was looking at the filenames file. Doesn't this match any file name containing that 25 character string in {}, not just ending in that string? hermit921 # Deny filenames ending with CLSID's deny \{[a-hA-H0-9-]{25,}\} Filename trying to hide its real type Files containing CLSID's are trying to hide their real type From ugob at camo-route.com Fri Feb 24 20:36:12 2006 From: ugob at camo-route.com (Ugo Bellavance) Date: Fri Feb 24 20:36:39 2006 Subject: Stopping? In-Reply-To: <43FE8FFF.60407@birdy.nc> References: <43FE7AA3.2030906@birdy.nc> <1140752030.9237.76.camel@lin-workstation.azapple.com> <43FE8823.3000909@birdy.nc> <43FE887F.7030707@birdy.nc> <1140756049.9237.91.camel@lin-workstation.azapple.com> <43FE8FFF.60407@birdy.nc> Message-ID: Laurent Dinclaux wrote: >> chkconfig --list sendmail >> >> chkconfig --list MailScanner > > Here it is Craig > > # chkconfig --list sendmail > sendmail 0:arr?t 1:arr?t 2:arr?t 3:arr?t 4:arr?t 5:arr?t 6:arr?t > > # chkconfig --list MailScanner > MailScanner 0:arr?t 1:arr?t 2:marche 3:marche 4:marche 5:marche 6:arr?t > > In french "arr?t" stands for stop/off and "marche" for start/on. > > Thanks a lot. Everything seems to be fine now. Tout semble OK maintenant. -- Ugo -> Please don't send a copy of your reply by e-mail. I read the list. -> Please avoid top-posting, long signatures and HTML, and cut the irrelevant parts in your replies. From MailScanner at ecs.soton.ac.uk Fri Feb 24 22:24:21 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Feb 24 22:24:30 2006 Subject: 4.51.3 -- Re: Beta 4.51.2: "Use TNEF Contents" In-Reply-To: References: Message-ID: <43FF8795.5060106@ecs.soton.ac.uk> All fixed. 4.51.3 released. Rick Cooper wrote: > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Julian >> Field >> Sent: Friday, February 24, 2006 2:47 PM >> To: MailScanner discussion >> Subject: Re: Beta 4.51.2: "Use TNEF Contents" >> >> >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Can anyone generate 0-length bodies in TNEF messages? My Outlook 2003 >> won't do it, it always generates at least 1 blank line, which works fine. >> >> Julian Field wrote: >> > > I just sent you two tar files containing the raw queue files for a message with no body and one with one blank like (which as you said works). Sorry I had to leave for a couple of hours > > Rick > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From alex at nkpanama.com Sat Feb 25 01:16:52 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Sat Feb 25 01:17:17 2006 Subject: Beta 4.51.1: "Add TNEF Contents" In-Reply-To: <43FE1F6A.50903@ecs.soton.ac.uk> References: <43FE1F6A.50903@ecs.soton.ac.uk> Message-ID: <43FFB004.7090102@nkpanama.com> Replace! Replace! :) I've already had 3 clients order the book. I'm shooting for at least a dozen or two by the end of March. Keep up the good work! Maybe I can get them to buy merchandise too! ;) Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > Rick Cooper wrote: > >> >> >>> -----Original Message----- >>> From: mailscanner-bounces@lists.mailscanner.info >>> [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Julian >>> Field >>> Sent: Thursday, February 23, 2006 2:26 PM >>> To: MailScanner discussion >>> Subject: Re: Beta 4.51.1: "Add TNEF Contents" >>> >>> >>> -----BEGIN PGP SIGNED MESSAGE----- >>> Hash: SHA1 >>> >>> Rick Cooper wrote: >>> >>> >>>> >>>> >>>> -----Original Message----- >>>> *From:* mailscanner-bounces@lists.mailscanner.info >>>> [mailto:mailscanner-bounces@lists.mailscanner.info]*On Behalf Of >>>> *shuttlebox >>>> *Sent:* Thursday, February 23, 2006 4:29 AM >>>> *To:* MailScanner discussion >>>> *Subject:* Re: Beta 4.51.1: "Add TNEF Contents" >>>> >>>> On 2/23/06, *Julian Field* >>> > wrote: >>>> >>>> I always try to leave as much of the original mail in place as >>>> possible, so I chose to just add to it rather than replace it. >>>> >>>> >>>> >>>> >> [...] >> >> >>>> [Rick Cooper] >>>> I guess I should have mentioned that in Outlook it does indeed >>>> show the attachments twice. Once in the body of the RTF message >>>> and once in the normal attachment (paperclip) section. If I am >>>> remembering correctly ytnef removes the tnef attachments and >>>> creates the new attachments. The Outlook users would have to open >>>> the attachments for, say meetings and such, but they still work. I >>>> thought it was working as Julian intended, that's why I didn't >>>> mention it >>>> >>>> >>>> >>> I didn't want to remove the winmail.dat file in case the TNEF expander >>> wasn't able to extract all the attachments. If that happens at least >>> Outlook users can still get at everything. I don't like removing things >>> from the message unless it's really necessary. >>> >>> >>> >> I was kinda playing with this (day off today) and you can add winmail.dat (or winmail\d{0,}\.dat) to the filename rules and winmail.dat is removed (with a warning) and the other attachments remain. Of course I wasn't interested in the warning and found a fairly easy way to put a trigger in the user report portion of the rule to tell MS not to modify the subject or body with warnings: >> deny+delete winmail\.dat$ Removed a winmail.dat file #NO_USER_REPORT >> >> If the user report =~ /#NO_USER_REPORT/sm then a global flag is *Not* set true for that attachment when it's stripped and the report/modifications are not made unless another rule is hit that doesn't contain the #NO_USER_REPORT string, but the log always shows the log warning "Removed a winmail.dat file" >> >> Then I found an odd thing. If I send a rich text message with no attachments. the entire body is removed when I have the deny[+delete] rule for winmail.dat. I use the external tnef processor so I modified the command to: >> >> -f $dir/$tnefname -C $dir --overwrite --save-body --body-pref=htr >> >> and voila! The message body returns and there is an attachment called message.rtf added that includes the rtf version of the message body. What ever is causing that must have something to do with my hither to unmentioned problem with messages containing winmail.dat and no attachments having the entire message body stripped. Any idea as to what causes that? >> > To put it briefly, not a clue. > > I have got the > Use TNEF Contents = no / add / replace > working. > What should be the default? I am going to go for "replace" unless anyone > says otherwise. > > Your thoughts please. > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.5 (Build 5050) > > iQA/AwUBQ/4faxH2WUcUFbZUEQJQkwCgifr6B9G6cUcQPnCY8brklDlkYbYAoKel > Bk087z0S6itYuazLikJ+gA8X > =SYgW > -----END PGP SIGNATURE----- > > -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060224/83274c61/attachment.html From bgmahesh at gmail.com Sat Feb 25 06:58:00 2006 From: bgmahesh at gmail.com (BG Mahesh) Date: Sat Feb 25 06:58:05 2006 Subject: Blocking email from a particular user to a particular user Message-ID: <5227ac5c0602242258o1f26a177rbab11a4c48a630e7@mail.gmail.com> hi I know how to block a particuar user sending an email to my mailerserver [blacklist and/or /etc/mail/access] But a particular user doesn't wish to receive email from few email ids. How can that be achieved? -- -- B.G. Mahesh -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060225/62880433/attachment.html From naolson at gmail.com Sat Feb 25 08:03:03 2006 From: naolson at gmail.com (Nathan Olson) Date: Sat Feb 25 08:03:06 2006 Subject: Blocking email from a particular user to a particular user In-Reply-To: <5227ac5c0602242258o1f26a177rbab11a4c48a630e7@mail.gmail.com> References: <5227ac5c0602242258o1f26a177rbab11a4c48a630e7@mail.gmail.com> Message-ID: <8f54b4330602250003y350ac460s646ff8e0f71d409c@mail.gmail.com> In general, a MailScanner ruleset. From: $foo and To: $bar $optionValue Nate From nauman at worldcall.net.pk Sat Feb 25 08:41:43 2006 From: nauman at worldcall.net.pk (Nauman Habib) Date: Sat Feb 25 08:40:59 2006 Subject: install-Clam-SA.tar.gz -SPAM ASSASSIN HELP Message-ID: <002b01c639e7$4ff1e7c0$23c051cb@nocict> In this Package of Spam Assassin Where is the Spam > Assassin RULEZ? [root@mailserver]# rpm -qa | grep -i spamspamassassin-3.0.0-3 [root@mailserver]# rpm -ql spamassassin-3.0.0-3/etc/mail/spamassassin/etc/mail/spamassassin/init.pre/etc/mail/spamassassin/local.cf/etc/mail/spamassassin/spamassassin-default.rc/etc/mail/spamassassin/spamassassin-helper.sh/etc/mail/spamassassin/spamassassin-spamc.rc/etc/rc.d/init.d/spamassassin/etc/sysconfig/spamassassin/usr/bin/sa-learn/usr/bin/spamassassin/usr/bin/spamc/usr/bin/spamd/usr/lib/perl5/vendor_perl/5.8.5/Mail/usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin.pm/usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/ArchiveIterator.pm/usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/AutoWhitelist.pm/usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/Bayes.pm/usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/BayesStore/usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/BayesStore.pm/usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/BayesStore/DBM.pm/usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/BayesStore/SQL.pm/usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/Conf/usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/Conf.pm/usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/Conf/LDAP.pm/usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/Conf/Parser.pm/usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/Conf/SQL.pm/usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/Constants.pm/usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/DBBasedAddrList.pm/usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/Dns.pm/usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/EvalTests.pm/usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/HTML.pm/usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/Locales.pm/usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/Locker/usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/Locker.pm/usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/Locker/Flock.pm/usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/Locker/UnixNFSSafe.pm/usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/Locker/Win32.pm/usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/MailingList.pm/usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/Message/usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/Message.pm/usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/Message/Metadata/usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/Message/Metadata.pm/usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/Message/Metadata/Received.pm/usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/Message/Node.pm/usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/NetSet.pm/usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/PerMsgLearner.pm/usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/PerMsgStatus.pm/usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/PersistentAddrList.pm/usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/Plugin/usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/Plugin.pm/usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/Plugin/Hashcash.pm/usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/Plugin/RelayCountry.pm/usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/Plugin/SPF.pm/usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/Plugin/Test.pm/usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/Plugin/URIDNSBL.pm/usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/PluginHandler.pm/usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/Reporter.pm/usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/SQLBasedAddrList.pm/usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/TextCat.pm/usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/Util/usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/Util.pm/usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/Util/RegistrarBoundaries.pm/usr/share/doc/spamassassin-3.0.0/usr/share/doc/spamassassin-3.0.0/BUGS/usr/share/doc/spamassassin-3.0.0/CREDITS/usr/share/doc/spamassassin-3.0.0/Changes/usr/share/doc/spamassassin-3.0.0/LICENSE/usr/share/doc/spamassassin-3.0.0/README/usr/share/doc/spamassassin-3.0.0/STATUS/usr/share/doc/spamassassin-3.0.0/TRADEMARK/usr/share/doc/spamassassin-3.0.0/UPGRADE/usr/share/doc/spamassassin-3.0.0/USAGE/usr/share/doc/spamassassin-3.0.0/sample-nonspam.txt/usr/share/doc/spamassassin-3.0.0/sample-spam.txt/usr/share/man/man1/sa-learn.1.gz/usr/share/man/man1/spamassassin.1.gz/usr/share/man/man1/spamc.1.gz/usr/share/man/man1/spamd.1.gz/usr/share/man/man3/Mail::SpamAssassin.3pm.gz/usr/share/man/man3/Mail::SpamAssassin::ArchiveIterator.3pm.gz/usr/share/man/man3/Mail::SpamAssassin::AutoWhitelist.3pm.gz/usr/share/man/man3/Mail::SpamAssassin::Bayes.3pm.gz/usr/share/man/man3/Mail::SpamAssassin::BayesStore.3pm.gz/usr/share/man/man3/Mail::SpamAssassin::BayesStore::SQL.3pm.gz/usr/share/man/man3/Mail::SpamAssassin::Conf.3pm.gz/usr/share/man/man3/Mail::SpamAssassin::Conf::LDAP.3pm.gz/usr/share/man/man3/Mail::SpamAssassin::Conf::Parser.3pm.gz/usr/share/man/man3/Mail::SpamAssassin::Conf::SQL.3pm.gz/usr/share/man/man3/Mail::SpamAssassin::Message.3pm.gz/usr/share/man/man3/Mail::SpamAssassin::Message::Metadata.3pm.gz/usr/share/man/man3/Mail::SpamAssassin::Message::Node.3pm.gz/usr/share/man/man3/Mail::SpamAssassin::PerMsgLearner.3pm.gz/usr/share/man/man3/Mail::SpamAssassin::PerMsgStatus.3pm.gz/usr/share/man/man3/Mail::SpamAssassin::PersistentAddrList.3pm.gz/usr/share/man/man3/Mail::SpamAssassin::Plugin.3pm.gz/usr/share/man/man3/Mail::SpamAssassin::Plugin::Hashcash.3pm.gz/usr/share/man/man3/Mail::SpamAssassin::Plugin::RelayCountry.3pm.gz/usr/share/man/man3/Mail::SpamAssassin::Plugin::SPF.3pm.gz/usr/share/man/man3/Mail::SpamAssassin::Plugin::URIDNSBL.3pm.gz/usr/share/man/man3/Mail::SpamAssassin::PluginHandler.3pm.gz/usr/share/man/man3/Mail::SpamAssassin::SQLBasedAddrList.3pm.gz/usr/share/spamassassin/10_misc.cf/usr/share/spamassassin/20_anti_ratware.cf/usr/share/spamassassin/20_body_tests.cf/usr/share/spamassassin/20_compensate.cf/usr/share/spamassassin/20_dnsbl_tests.cf/usr/share/spamassassin/20_drugs.cf/usr/share/spamassassin/20_fake_helo_tests.cf/usr/share/spamassassin/20_head_tests.cf/usr/share/spamassassin/20_html_tests.cf/usr/share/spamassassin/20_meta_tests.cf/usr/share/spamassassin/20_phrases.cf/usr/share/spamassassin/20_porn.cf/usr/share/spamassassin/20_ratware.cf/usr/share/spamassassin/20_uri_tests.cf/usr/share/spamassassin/23_bayes.cf/usr/share/spamassassin/25_body_tests_es.cf/usr/share/spamassassin/25_hashcash.cf/usr/share/spamassassin/25_spf.cf/usr/share/spamassassin/25_uribl.cf/usr/share/spamassassin/30_text_de.cf/usr/share/spamassassin/30_text_fr.cf/usr/share/spamassassin/30_text_nl.cf/usr/share/spamassassin/30_text_pl.cf/usr/share/spamassassin/50_scores.cf/usr/share/spamassassin/60_whitelist.cf/usr/share/spamassassin/languages/usr/share/spamassassin/triplets.txt/usr/share/spamassassin/user_prefs.template On 2/21/06, Nauman Habib wrote: > > HI > > > I Have Just Built A Mail Server Using Latest SENDMAIL on FC2 Machine. > > I have Used Latest MAIL SCANNER and I m also Using install-Clam-SA.tar.gz( CLAM & SA ) package. > > I want to know - In this Package of Spam Assassin Where is the Spam > Assassin RULEZ? > > It is capturing some of the Spam, but leaves still a lot. > > I want to know where the Rules which can be Modifies according to my > Personal Needs are. > > If you can possible attach some Good Strict Rules as Example, it will be > nice. > Find out the exact package name by: # rpm -qa | grep -i spam Then list the files in it: # rpm -ql name-of-spamassassin-package My guess is /usr/share/spamassassin but you should never modify the original rules since they will be overwritten when you upgrade. Change scores, add rules and so on in /etc/mail/spamassassin. -- /peter -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060221/48c67957/attachment.html Thanks and regards, M.Nauman Habib Network Engineer -- This message has been scanned for viruses and dangerous content by WorldCall Scanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060225/ba96796d/attachment.html From shuttlebox at gmail.com Sat Feb 25 08:50:41 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Sat Feb 25 08:50:45 2006 Subject: install-Clam-SA.tar.gz -SPAM ASSASSIN HELP In-Reply-To: <002b01c639e7$4ff1e7c0$23c051cb@nocict> References: <002b01c639e7$4ff1e7c0$23c051cb@nocict> Message-ID: <625385e30602250050o4d8f1afco62fd994fbe529166@mail.gmail.com> On 2/25/06, Nauman Habib wrote: > > In this Package of Spam Assassin Where is the Spam > > Assassin RULEZ? > > /usr/share/spamassassin/10_misc.cf > /usr/share/spamassassin/20_anti_ratware.cf > /usr/share/spamassassin/20_body_tests.cf > /usr/share/spamassassin/20_compensate.cf > /usr/share/spamassassin/20_dnsbl_tests.cf > /usr/share/spamassassin/20_drugs.cf > /usr/share/spamassassin/20_fake_helo_tests.cf > /usr/share/spamassassin/20_head_tests.cf > /usr/share/spamassassin/20_html_tests.cf > /usr/share/spamassassin/20_meta_tests.cf > /usr/share/spamassassin/20_phrases.cf > /usr/share/spamassassin/20_porn.cf > /usr/share/spamassassin/20_ratware.cf > /usr/share/spamassassin/20_uri_tests.cf > /usr/share/spamassassin/23_bayes.cf > /usr/share/spamassassin/25_body_tests_es.cf > /usr/share/spamassassin/25_hashcash.cf > /usr/share/spamassassin/25_spf.cf > /usr/share/spamassassin/25_uribl.cf > /usr/share/spamassassin/30_text_de.cf > /usr/share/spamassassin/30_text_fr.cf > /usr/share/spamassassin/30_text_nl.cf > /usr/share/spamassassin/30_text_pl.cf > /usr/share/spamassassin/50_scores.cf > /usr/share/spamassassin/60_whitelist.cf It's the files above, those that ends with ".cf". But as I said you should not edit them directly since they will be overwritten next time you upgrade SA. By the way, you should do just that since you have 3.0.0 and there's a 3.1.0 available. Create your own file in /etc/mail/spamassassin/ called, for example, my.cf and add score changes and rules there instead. If you look in the file list you have some documentation there on how to do this. Simple example, if you want to change the score of a rule do this: score RULENAME 3 -- /peter From rcooper at dwford.com Sat Feb 25 16:39:26 2006 From: rcooper at dwford.com (Rick Cooper) Date: Sat Feb 25 16:39:46 2006 Subject: 4.51.3 -- Re: Beta 4.51.2: "Use TNEF Contents" In-Reply-To: <43FF8795.5060106@ecs.soton.ac.uk> Message-ID: > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Julian > Field > Sent: Friday, February 24, 2006 5:24 PM > To: MailScanner discussion > Subject: 4.51.3 -- Re: Beta 4.51.2: "Use TNEF Contents" > > > All fixed. 4.51.3 released. > [...] I can confirm that, thanks for this addition; much better than just denying winmail.dat! Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ssilva at sgvwater.com Sat Feb 25 18:16:40 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Sat Feb 25 18:17:04 2006 Subject: install-Clam-SA.tar.gz -SPAM ASSASSIN HELP In-Reply-To: <002b01c639e7$4ff1e7c0$23c051cb@nocict> References: <002b01c639e7$4ff1e7c0$23c051cb@nocict> Message-ID: Nauman Habib spake the following on 2/25/2006 12:41 AM: > */In this Package of Spam Assassin Where is the Spam > />*/ Assassin RULEZ? > /** > > *[root@mailserver]# rpm -qa | grep -i spam > spamassassin-3.0.0-3* > > *[root@mailserver]# rpm -ql spamassassin-3.0.0-3 > /etc/mail/spamassassin > /etc/mail/spamassassin/init.pre > /etc/mail/spamassassin/local.cf > /etc/mail/spamassassin/spamassassin-default.rc > /etc/mail/spamassassin/spamassassin-helper.sh > /etc/mail/spamassassin/spamassassin-spamc.rc > /etc/rc.d/init.d/spamassassin > /etc/sysconfig/spamassassin > /usr/bin/sa-learn > /usr/bin/spamassassin > /usr/bin/spamc > /usr/bin/spamd > /usr/lib/perl5/vendor_perl/5.8.5/Mail > /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin > /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin.pm > /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/ArchiveIterator.pm > /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/AutoWhitelist.pm > /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/Bayes.pm > /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/BayesStore > /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/BayesStore.pm > /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/BayesStore/DBM.pm > /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/BayesStore/SQL.pm > /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/Conf > /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/Conf.pm > /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/Conf/LDAP.pm > /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/Conf/Parser.pm > /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/Conf/SQL.pm > /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/Constants.pm > /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/DBBasedAddrList.pm > /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/Dns.pm > /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/EvalTests.pm > /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/HTML.pm > /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/Locales.pm > /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/Locker > /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/Locker.pm > /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/Locker/Flock.pm > /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/Locker/UnixNFSSafe.pm > /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/Locker/Win32.pm > /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/MailingList.pm > /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/Message > /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/Message.pm > /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/Message/Metadata > /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/Message/Metadata.pm > /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/Message/Metadata/Received.pm > /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/Message/Node.pm > /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/NetSet.pm > /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/PerMsgLearner.pm > /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/PerMsgStatus.pm > /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/PersistentAddrList.pm > /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/Plugin > /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/Plugin.pm > /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/Plugin/Hashcash.pm > /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/Plugin/RelayCountry.pm > /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/Plugin/SPF.pm > /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/Plugin/Test.pm > /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/Plugin/URIDNSBL.pm > /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/PluginHandler.pm > /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/Reporter.pm > /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/SQLBasedAddrList.pm > /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/TextCat.pm > /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/Util > /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/Util.pm > /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/Util/RegistrarBoundaries.pm > /usr/share/doc/spamassassin-3.0.0 > /usr/share/doc/spamassassin-3.0.0/BUGS > /usr/share/doc/spamassassin-3.0.0/CREDITS > /usr/share/doc/spamassassin-3.0.0/Changes > /usr/share/doc/spamassassin-3.0.0/LICENSE > /usr/share/doc/spamassassin-3.0.0/README > /usr/share/doc/spamassassin-3.0.0/STATUS > /usr/share/doc/spamassassin-3.0.0/TRADEMARK > /usr/share/doc/spamassassin-3.0.0/UPGRADE > /usr/share/doc/spamassassin-3.0.0/USAGE > /usr/share/doc/spamassassin-3.0.0/sample-nonspam.txt > /usr/share/doc/spamassassin-3.0.0/sample-spam.txt > /usr/share/man/man1/sa-learn.1.gz > /usr/share/man/man1/spamassassin.1.gz > /usr/share/man/man1/spamc.1.gz > /usr/share/man/man1/spamd.1.gz > /usr/share/man/man3/Mail::SpamAssassin.3pm.gz > /usr/share/man/man3/Mail::SpamAssassin::ArchiveIterator.3pm.gz > /usr/share/man/man3/Mail::SpamAssassin::AutoWhitelist.3pm.gz > /usr/share/man/man3/Mail::SpamAssassin::Bayes.3pm.gz > /usr/share/man/man3/Mail::SpamAssassin::BayesStore.3pm.gz > /usr/share/man/man3/Mail::SpamAssassin::BayesStore::SQL.3pm.gz > /usr/share/man/man3/Mail::SpamAssassin::Conf.3pm.gz > /usr/share/man/man3/Mail::SpamAssassin::Conf::LDAP.3pm.gz > /usr/share/man/man3/Mail::SpamAssassin::Conf::Parser.3pm.gz > /usr/share/man/man3/Mail::SpamAssassin::Conf::SQL.3pm.gz > /usr/share/man/man3/Mail::SpamAssassin::Message.3pm.gz > /usr/share/man/man3/Mail::SpamAssassin::Message::Metadata.3pm.gz > /usr/share/man/man3/Mail::SpamAssassin::Message::Node.3pm.gz > /usr/share/man/man3/Mail::SpamAssassin::PerMsgLearner.3pm.gz > /usr/share/man/man3/Mail::SpamAssassin::PerMsgStatus.3pm.gz > /usr/share/man/man3/Mail::SpamAssassin::PersistentAddrList.3pm.gz > /usr/share/man/man3/Mail::SpamAssassin::Plugin.3pm.gz > /usr/share/man/man3/Mail::SpamAssassin::Plugin::Hashcash.3pm.gz > /usr/share/man/man3/Mail::SpamAssassin::Plugin::RelayCountry.3pm.gz > /usr/share/man/man3/Mail::SpamAssassin::Plugin::SPF.3pm.gz > /usr/share/man/man3/Mail::SpamAssassin::Plugin::URIDNSBL.3pm.gz > /usr/share/man/man3/Mail::SpamAssassin::PluginHandler.3pm.gz > /usr/share/man/man3/Mail::SpamAssassin::SQLBasedAddrList.3pm.gz > /usr/share/spamassassin/10_misc.cf > /usr/share/spamassassin/20_anti_ratware.cf > /usr/share/spamassassin/20_body_tests.cf > /usr/share/spamassassin/20_compensate.cf > /usr/share/spamassassin/20_dnsbl_tests.cf > /usr/share/spamassassin/20_drugs.cf > /usr/share/spamassassin/20_fake_helo_tests.cf > /usr/share/spamassassin/20_head_tests.cf > /usr/share/spamassassin/20_html_tests.cf > /usr/share/spamassassin/20_meta_tests.cf > /usr/share/spamassassin/20_phrases.cf > /usr/share/spamassassin/20_porn.cf > /usr/share/spamassassin/20_ratware.cf > /usr/share/spamassassin/20_uri_tests.cf > /usr/share/spamassassin/23_bayes.cf > /usr/share/spamassassin/25_body_tests_es.cf > /usr/share/spamassassin/25_hashcash.cf > /usr/share/spamassassin/25_spf.cf > /usr/share/spamassassin/25_uribl.cf > /usr/share/spamassassin/30_text_de.cf > /usr/share/spamassassin/30_text_fr.cf > /usr/share/spamassassin/30_text_nl.cf > /usr/share/spamassassin/30_text_pl.cf > /usr/share/spamassassin/50_scores.cf > /usr/share/spamassassin/60_whitelist.cf > /usr/share/spamassassin/languages > /usr/share/spamassassin/triplets.txt > /usr/share/spamassassin/user_prefs.template > > * > > * * > > ** > > ** > > *On 2/21/06, Nauman Habib <* *MailScanner has detected a possible fraud attempt from "lists.mailscanner.info" claiming to be* *nauman at worldcall.net.pk* **> wrote: >>*/ > /*>**/ HI > />*/ > /*>*/ > /*>**/ I Have Just Built A Mail Server Using Latest SENDMAIL on FC2 Machine. > />*/ > /*>**/ I have Used Latest MAIL SCANNER and I m also Using install-Clam-SA.tar.gz( CLAM & SA ) package. > />*/ > /*>**/ I want to know - In this Package of Spam Assassin Where is the Spam > />**/ Assassin RULEZ? > />*/ > /*>**/ It is capturing some of the Spam, but leaves still a lot. > />*/ > /*>**/ I want to know where the Rules which can be Modifies according to my > />**/ Personal Needs are. > />*/ > /*>**/ If you can possible attach some Good Strict Rules as Example, it will be > />**/ nice. > />*/ > / > *Find out the exact package name by: > > # rpm -qa | grep -i spam > > Then list the files in it: > > # rpm -ql name-of-spamassassin-package > > My guess is /usr/share/spamassassin but you should never modify the original > rules since they will be overwritten when you upgrade. Change scores, add > rules and so on in /etc/mail/spamassassin. > > -- > /peter > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: * * *http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060221/48c67957/attachment.html* > > * > Thanks and regards, > M.Nauman Habib > Network Engineer > * > * > -- > This message has been scanned for viruses and > dangerous content by *WorldCall Scanner* , > and is > believed to be clean. * > This rpm is NOT in the install-Clam-SA.tar.gz package. rpm -e spamassassin and re-run the install script, or you will have many problems. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Sat Feb 25 18:28:38 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Sat Feb 25 18:29:09 2006 Subject: Webmin module for MailScanner unavailable In-Reply-To: <13C0059880FDD3118DC600508B6D4A6D013D8713@aiainsurance.com> References: <13C0059880FDD3118DC600508B6D4A6D013D8713@aiainsurance.com> Message-ID: Ken Goods spake the following on 2/22/2006 10:15 AM: > Julian Field wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Chris, >> >> Chris Leahy wrote: >>> Hello Mr. Field, >>> >>> I've been attempting to obtain the Webmin module for some time. >>> The better part of a year actually. The webmin site says that the >>> module is GPL licensed, but I am unable to access the page. >>> >>> It requires authentication. Asks for a login and password to access >>> the page >>> in your link, which is the same link provided on the Webmin site. >>> >>> http://lushsoft.dyndns.org/mailscanner-webmin >>> >>> I have no credentials that will let me in and I cant find any >>> information about how to gain access. >>> >>> I waited for so long simply because I can get by without it, but it >>> would be nice to be able to manage it through webmin :-) >> I don't know much about this, but someone on the list must be using >> it. >> >> Can anyone else help out this gentleman for me please? >> > > Chris (& Jules), > I have webmin-module-0.9.wbm ~460k dated April of 2004 > Also have webmin-1.130-1.noarch.rpm ~8meg dated the same time. > > I don't use the webmin module for MailScanner as I found it wasn't working > completely correct for me. However it is installed and seems to work mostly, > I just haven't had a chance to test it thoroughly. The conf file is plenty > easy to figure out and modify. I do however use webmin for grabbing files > out of quarantine and uploading/downloading files form my Win workstation. > Works great for that. Anyway I'd be happy to share what I have, let me > know... > > Kind regards, > Ken > > > Ken Goods > Network Administrator > AIA/CropUSA Insurance, Inc. > If you are going to keep webmin, it should also be upgraded, as the very old version you have has many security vulnerabilities. Webmin is now at 1.260 -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From drolland at kdinet.com Sat Feb 25 18:37:45 2006 From: drolland at kdinet.com (Diane Rolland) Date: Sat Feb 25 18:37:49 2006 Subject: Upgrading from 4.37 (I know, I know, it's OLD) In-Reply-To: <000001c63621$a2624e10$6500a8c0@kdinet.local> Message-ID: <002801c63a3a$92fbd690$6500a8c0@kdinet.local> _____ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of shuttlebox Sent: Sunday, February 19, 2006 4:04 PM To: MailScanner discussion Subject: Re: Upgrading from 4.37 (I know, I know, it's OLD) You shouldn't edit the rpmnew files. Just follow the instructions above and MailScanner.conf will be updated with the new options and old options will have your previous values. I use the diff command for the other files, like filename.rules.conf and filetype.rules.conf. -- /peter The above did the trick; I'm all upgraded, and things seem to be working great! Thanks!, Diane -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060225/2ea4f8e2/attachment.html From ssilva at sgvwater.com Sat Feb 25 18:39:19 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Sat Feb 25 18:39:37 2006 Subject: mail delivery problems In-Reply-To: References: Message-ID: Richard Edge spake the following on 2/22/2006 12:55 PM: > I am suddenly have mail delivery problems and am seeing entries like the > following in the error logs: > > Feb 22 12:07:56 mx10 MailScanner[12767]: Could not chdir to > /var/spool/MailScanner/incoming/6108/9A64E768.33D42 just before unpacking > extra message parts > Feb 22 12:07:56 mx10 MailScanner[12767]: Could not chdir to > /var/spool/MailScanner/incoming/6108/74AC3778.E24D9 just before unpacking > extra message parts > Feb 22 12:07:57 mx10 MailScanner[12767]: Could not chdir to > /var/spool/MailScanner/incoming/6108/60AF5B40.A5500 just before unpacking > extra message parts > Feb 22 12:07:57 mx10 MailScanner[12767]: Could not chdir to > /var/spool/MailScanner/incoming/6108/748607DD.66194 just before unpacking > extra message parts > > What could be causing this and is it related to my email delivery problems. > It was reported to me by one of our users that there seem to be long delays > in email delivery. When checking mx10.twu.ca this morning I grepped the logs > for 'New Batch' and though it was reporting that messages were being found > and processed and the number of new messages changed regulary at the time I > checked this morning it was reporting about 800+ messages being found. After > the report I received I checked again and see that there are now 1700+ plus > new message found and the number keeps increasing. PS does not report any > orphaned or defnct processes and I can find any errors in the other system > logs. Has anything been done on this machine lately to change permissions on /var/spool/MailScanner/incoming/? Is there a very large message clogging up the incoming dir? Especially if it is mounted to tmpfs. Low on space or inodes? -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Sat Feb 25 19:11:15 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Sat Feb 25 19:11:31 2006 Subject: OT Advice for server reinstalation In-Reply-To: <43FF42A6.2020807@gmx.de> References: <001501c63962$58055300$f200a8c0@NBZICHOVSKY2> <43FF42A6.2020807@gmx.de> Message-ID: shrek-m@gmx.de spake the following on 2/24/2006 9:30 AM: > On 24.02.2006 17:49, Pavel Zichovsky wrote: > >>>> Apache >>>> MailScanner >>>> SpamAssassin >>>> MailWatch >>>> Samba >>>> WebMin >>>> MySQL >>>> FireBird >>>> >>> You are going to need a lot of swap space to run that lot with 256MB >>> of ram! >>> >> >> I do not want to argue, but that lot is runing also now, and vmstat >> says, that swapped is less then 8MB (7556kB), and even during >> longer period of vmstat runing are si and so columns still zero. >> But maybe I am interpreting some numbers wrong :-( >> I forgot mention that server is for only small group (15PCs) and with >> very low mail volume (about 200 to 300 mails per day), so load >> is realy low. >> > > similiar to my fedora servers: 800 mhz, 128 mb ram 2 x 80 gb ide raid0 > it is ok for 25 clients internet + mail + mysql > i get no money for the linuxbox because all is ok - but thousands of > euros are spent for m$-windows clients+servers > That is why I get the servers cast off by the "windows" people for being too slow, and make great servers for non-profits and church organizations. The windows people get rid of their cast offs that won't run the "bloatware" and an organization with no money gets far more than they could ever hope for. > > i am not sure about your mylex raid controller > search in the redhat/fedora archives, fedoralegacy or google. > > https://www.redhat.com/mailman/listinfo/ > http://fedoralegacy.org/ > -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From itdept at fractalweb.com Sat Feb 25 21:30:23 2006 From: itdept at fractalweb.com (Chris Yuzik) Date: Sat Feb 25 21:30:19 2006 Subject: OT Advice for server reinstalation In-Reply-To: <02fc01c6394d$f5abf470$1465a8c0@support01> References: <02fc01c6394d$f5abf470$1465a8c0@support01> Message-ID: <4400CC6F.7010209@fractalweb.com> Nigel kendrick wrote: > I'd skip Fedora and put CentOS top of the list - it's a generic recompile of > Red Hat Advanced Server - I'm running it on 5 servers. > > www.centos.org > > NK > I second the motion for CentOS. Our new super server that will be deployed within the week is running CentOS, and I'm extremely impressed. Chris From rob at robhq.com Sat Feb 25 22:14:28 2006 From: rob at robhq.com (Rob Freeman) Date: Sat Feb 25 22:14:28 2006 Subject: OT Advice for server reinstalation In-Reply-To: <4400CC6F.7010209@fractalweb.com> References: <02fc01c6394d$f5abf470$1465a8c0@support01> <4400CC6F.7010209@fractalweb.com> Message-ID: <4400D6C4.9090306@robhq.com> Chris Yuzik wrote: > Nigel kendrick wrote: >> I'd skip Fedora and put CentOS top of the list - it's a generic >> recompile of >> Red Hat Advanced Server - I'm running it on 5 servers. >> www.centos.org >> >> NK >> > I second the motion for CentOS. Our new super server that will be > deployed within the week is running CentOS, and I'm extremely impressed. > > Chris We have been running centos since version 3 for mailscanner. My boss and I also run it at home for our personal mailscanner servers. Super platform and great support with lots of 3rd party yum configs to choose from. Rob From alex at nkpanama.com Sat Feb 25 22:21:47 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Sat Feb 25 22:21:54 2006 Subject: OT Advice for server reinstalation In-Reply-To: <4400D6C4.9090306@robhq.com> References: <02fc01c6394d$f5abf470$1465a8c0@support01> <4400CC6F.7010209@fractalweb.com> <4400D6C4.9090306@robhq.com> Message-ID: <4400D87B.8090202@nkpanama.com> Rob Freeman wrote: > We have been running centos since version 3 for mailscanner. My boss > and I also run it at home for our personal mailscanner servers. Super > platform and great support with lots of 3rd party yum configs to > choose from. Plus DAG Wieers' RPM repository. -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ From mikej at rogers.com Sun Feb 26 00:15:08 2006 From: mikej at rogers.com (Mike Jakubik) Date: Sun Feb 26 00:14:52 2006 Subject: OT Advice for server reinstalation In-Reply-To: <4400CC6F.7010209@fractalweb.com> References: <02fc01c6394d$f5abf470$1465a8c0@support01> <4400CC6F.7010209@fractalweb.com> Message-ID: <4400F30C.4010205@rogers.com> Chris Yuzik wrote: > Nigel kendrick wrote: >> I'd skip Fedora and put CentOS top of the list - it's a generic >> recompile of >> Red Hat Advanced Server - I'm running it on 5 servers. >> www.centos.org >> >> NK >> > I second the motion for CentOS. Our new super server that will be > deployed within the week is running CentOS, and I'm extremely impressed. Even better, dump Linux altogether, and install an OS that works and is easy to manage, FreeBSD. From alex at nkpanama.com Sun Feb 26 00:21:16 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Sun Feb 26 00:21:20 2006 Subject: OT Advice for server reinstalation In-Reply-To: <4400F30C.4010205@rogers.com> References: <02fc01c6394d$f5abf470$1465a8c0@support01> <4400CC6F.7010209@fractalweb.com> <4400F30C.4010205@rogers.com> Message-ID: <4400F47C.7070905@nkpanama.com> Mike Jakubik wrote: > Chris Yuzik wrote: >> Nigel kendrick wrote: >>> I'd skip Fedora and put CentOS top of the list - it's a generic >>> recompile of >>> Red Hat Advanced Server - I'm running it on 5 servers. >>> www.centos.org >>> >>> NK >>> >> I second the motion for CentOS. Our new super server that will be >> deployed within the week is running CentOS, and I'm extremely impressed. > > Even better, dump Linux altogether, and install an OS that works and > is easy to manage, FreeBSD. > Or, in the same line of reasoning, be even *more* intelligent and run Windows and Exchange! ;) -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ From mgt at stellarcore.net Sun Feb 26 14:56:26 2006 From: mgt at stellarcore.net (Mike Tremaine) Date: Sun Feb 26 14:56:37 2006 Subject: Webmin module for MailScanner unavailable In-Reply-To: <200602261200.k1QC0LCT002053@bkserver.blacknight.ie> References: <200602261200.k1QC0LCT002053@bkserver.blacknight.ie> Message-ID: <1140965786.3251.4.camel@dwarfstar.stellarcore.net> > Date: Sat, 25 Feb 2006 10:28:38 -0800 > From: Scott Silva > Subject: Re: Webmin module for MailScanner unavailable > To: mailscanner@lists.mailscanner.info > Message-ID: > Content-Type: text/plain; charset=ISO-8859-1 > > Ken Goods spake the following on 2/22/2006 10:15 AM: > > Julian Field wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- > >> Hash: SHA1 > >> > >> Chris, > >> > >> Chris Leahy wrote: > >>> Hello Mr. Field, > >>> > >>> I've been attempting to obtain the Webmin module for some time. > >>> The better part of a year actually. The webmin site says that the > >>> module is GPL licensed, but I am unable to access the page. > >>> > >>> It requires authentication. Asks for a login and password to access > >>> the page > >>> in your link, which is the same link provided on the Webmin site. > >>> > >>> http://lushsoft.dyndns.org/mailscanner-webmin > >>> > >>> I have no credentials that will let me in and I cant find any > >>> information about how to gain access. > >>> > >>> I waited for so long simply because I can get by without it, but it > >>> would be nice to be able to manage it through webmin :-) > >> I don't know much about this, but someone on the list must be using > >> it. > >> > >> Can anyone else help out this gentleman for me please? > >> > > This project was moved to sourceforge Here is a direct link to the file http://easynews.dl.sourceforge.net/sourceforge/msfrontend/webmin-module-1.1-4.wbm Here is the project page http://sourceforge.net/projects/msfrontend I have a few 0.90 modules deployed for some people with a hack to allow them to re-send mail from the spam and virus quarantines. I never got around to pushing a patch back to the author :/ ... [Now where is that todo list?] -Mike From jonas.lilja at exallon.sigma.se Mon Feb 27 07:46:00 2006 From: jonas.lilja at exallon.sigma.se (Jonas Lilja) Date: Mon Feb 27 07:47:25 2006 Subject: razor2,pyzer and DCC Message-ID: <34D06C003AA0EA4D8D9B9443E7BDDD9501DAC8FD@ikaros.exallon.sigma.se> Hi, I wonder if someone of you can advice me about the Razor, Pyzer and DCC options in the Spamassassin-Clamav-packet I have just installed. 1. Is it difficult to configure these modules? (RPM?) 2. Does these packets catch much spam not detected by Spamassassin? 3. Is these packets documented in the MailScanner book? 4. Is it a common recommendation to use these add-on?s? 5. What?s the difference between them (razor,pyzer,dcc)? I administer a corporate with 200 empoyees and we have a lot of incoming spam. Regards /Jonas Lilja From glenn.steen at gmail.com Mon Feb 27 12:58:59 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Feb 27 12:59:03 2006 Subject: razor2,pyzer and DCC In-Reply-To: <34D06C003AA0EA4D8D9B9443E7BDDD9501DAC8FD@ikaros.exallon.sigma.se> References: <34D06C003AA0EA4D8D9B9443E7BDDD9501DAC8FD@ikaros.exallon.sigma.se> Message-ID: <223f97700602270458y3446564bg@mail.gmail.com> On 27/02/06, Jonas Lilja wrote: > Hi, > > I wonder if someone of you can advice me about the Razor, Pyzer and DCC options in the Spamassassin-Clamav-packet I have just installed. > > 1. Is it difficult to configure these modules? (RPM?) No and no. Use the source, and it's pretty straightforward. > 2. Does these packets catch much spam not detected by Spamassassin? Yes, they help better your precision. Not a "fix-all-cure" but then, nothing really is;-). They calculate a "fuzzy" digest of each message and check if they are in the "known bad" category... And if found, SA will use them to add a nice point value or so. If more than one match, DIGEST_MULTIPLE come into play too. > 3. Is these packets documented in the MailScanner book? My copy of the book is to old to judge from... I'd image not more than in passing though. Read the wiki (both the documentation section and the maq)... You'll find both useful info and links there. > 4. Is it a common recommendation to use these add-on?s? Yes. > 5. What?s the difference between them (razor,pyzer,dcc)? Policy for how a digest end up in the database, and implementation details. If you really want to know, go read the wiki (and their respective sites). > > I administer a corporate with 200 empoyees and we have a lot of incoming spam. Good, that means you'll be able to use all three without infringing any licenses. BTW, this is the place to start looking for info: http://wiki.mailscanner.info/ Tjenixen -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From KGoods at AIAInsurance.com Mon Feb 27 16:13:08 2006 From: KGoods at AIAInsurance.com (Ken Goods) Date: Mon Feb 27 16:17:18 2006 Subject: Webmin module for MailScanner unavailable Message-ID: <13C0059880FDD3118DC600508B6D4A6D013D872C@aiainsurance.com> Scott Silva wrote: > Ken Goods spake the following on 2/22/2006 10:15 AM: >> Julian Field wrote: snip.... > If you are going to keep webmin, it should also be upgraded, as the > very old version you have has many security vulnerabilities. > Webmin is now at 1.260 > > -- > > MailScanner is like deodorant... > You hope everybody uses it, and > you notice quickly if they don't!!!! Thanks Scott, will do. Ken Goods Network Administrator AIA/CropUSA Insurance, Inc. From jaearick at colby.edu Mon Feb 27 16:15:30 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Mon Feb 27 16:17:29 2006 Subject: 4.51.3 -- Re: Beta 4.51.2: "Use TNEF Contents" In-Reply-To: References: Message-ID: Julian, I just upgraded to 4.51.3, leaving the default "replace" for windmill.dat files. Is there any syslogging when a file is replaced? I could not see any in the code. Jeff Earickson Colby College On Sat, 25 Feb 2006, Rick Cooper wrote: > Date: Sat, 25 Feb 2006 11:39:26 -0500 > From: Rick Cooper > Reply-To: MailScanner discussion > To: MailScanner discussion > Subject: RE: 4.51.3 -- Re: Beta 4.51.2: "Use TNEF Contents" > > > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Julian >> Field >> Sent: Friday, February 24, 2006 5:24 PM >> To: MailScanner discussion >> Subject: 4.51.3 -- Re: Beta 4.51.2: "Use TNEF Contents" >> >> >> All fixed. 4.51.3 released. >> > [...] > > I can confirm that, thanks for this addition; much better than just denying winmail.dat! > > Rick > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From MailScanner at ecs.soton.ac.uk Mon Feb 27 16:50:47 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Feb 27 16:51:09 2006 Subject: 4.51.3 -- Re: Beta 4.51.2: "Use TNEF Contents" In-Reply-To: References: Message-ID: <44032DE7.5030007@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 No there isn't. What would you like? Jeff A. Earickson wrote: > Julian, > > I just upgraded to 4.51.3, leaving the default "replace" for windmill.dat > files. Is there any syslogging when a file is replaced? I could > not see any in the code. > > Jeff Earickson > Colby College > > On Sat, 25 Feb 2006, Rick Cooper wrote: > >> Date: Sat, 25 Feb 2006 11:39:26 -0500 >> From: Rick Cooper >> Reply-To: MailScanner discussion >> To: MailScanner discussion >> Subject: RE: 4.51.3 -- Re: Beta 4.51.2: "Use TNEF Contents" >> >> >> >>> -----Original Message----- >>> From: mailscanner-bounces@lists.mailscanner.info >>> [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Julian >>> Field >>> Sent: Friday, February 24, 2006 5:24 PM >>> To: MailScanner discussion >>> Subject: 4.51.3 -- Re: Beta 4.51.2: "Use TNEF Contents" >>> >>> >>> All fixed. 4.51.3 released. >>> >> [...] >> >> I can confirm that, thanks for this addition; much better than just >> denying winmail.dat! >> >> Rick >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQA/AwUBRAMt9hH2WUcUFbZUEQK0lACaA7HHJvzl29nDxqwHvwlmEL7dx5oAoMt5 WODXJeJ+c8jOi7ClHHD5+4N5 =YiM+ -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From alex at nkpanama.com Mon Feb 27 17:25:33 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Mon Feb 27 17:25:07 2006 Subject: 4.51.3 -- Re: Beta 4.51.2: "Use TNEF Contents" In-Reply-To: <44032DE7.5030007@ecs.soton.ac.uk> References: <44032DE7.5030007@ecs.soton.ac.uk> Message-ID: <4403360D.7020202@nkpanama.com> Would love to see a "replaced filename1.ext and filename2.ext from winmail.dat", or words to that effect. Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > No there isn't. What would you like? > -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ From Mailscanner at mailing.kaufland-informationssysteme.com Mon Feb 27 17:25:05 2006 From: Mailscanner at mailing.kaufland-informationssysteme.com (Matthias Sutter) Date: Mon Feb 27 17:25:13 2006 Subject: Spam Policy per user Message-ID: <440335F1.3080508@mailing.kaufland-informationssysteme.com> Hi, our mailscanner installation work very well but now we should implement a function that the user have the option to change the Spam properties/handling. For example there are 3 lists off users: the first - the user should get no Spam the second - the user get no high score Spam and all others are marked in the subject line and the last and default - no Spam detection and filter is active. Can I build this scenario with mailscanner ? Thanks in advance Matthias From alex at nkpanama.com Mon Feb 27 17:36:28 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Mon Feb 27 17:35:58 2006 Subject: Spam Policy per user In-Reply-To: <440335F1.3080508@mailing.kaufland-informationssysteme.com> References: <440335F1.3080508@mailing.kaufland-informationssysteme.com> Message-ID: <4403389C.4030706@nkpanama.com> Matthias Sutter wrote: > Hi, > > our mailscanner installation work very well but now we should > implement a function that the user have the option to change the Spam > properties/handling. > For example there are 3 lists off users: > Good luck with the users. Depending on where you are, and how many there are, there are certain things users shouldn't have direct access to unless they understand it becomes *their* responsibility, and not yours, when something breaks because of what they did. > the first - the user should get no Spam > the second - the user get no high score Spam and all others are marked > in the subject line > and the last and default - no Spam detection and filter is active. > You can currently do this with rulesets. > Can I build this scenario with mailscanner ? > Definitely. It's almost always set up that way when I set it up. > Thanks in advance > Matthias -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ From MailScanner at ecs.soton.ac.uk Mon Feb 27 17:55:17 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Feb 27 17:55:23 2006 Subject: Spam Policy per user In-Reply-To: <440335F1.3080508@mailing.kaufland-informationssysteme.com> References: <440335F1.3080508@mailing.kaufland-informationssysteme.com> Message-ID: <44033D05.9060403@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Matthias Sutter wrote: > Hi, > > our mailscanner installation work very well but now we should > implement a function that the user have the option to change the Spam > properties/handling. > For example there are 3 lists off users: > > the first - the user should get no Spam Spam Actions = delete High Scoring Spam Actions = delete > the second - the user get no high score Spam and all others are marked > in the subject line Spam Actions = deliver High Scoring Spam Actions = delete > and the last and default - no Spam detection and filter is active. Spam Actions = deliver High Scoring Spam Actions = deliver All you need to do is write a bit of support for some sort of backend with a Custom Function for "Spam Actions" and "High Scoring Spam Actions" to produce either the "deliver" or "delete" actions as appropriate. Once you have some sort of a DB backend to store the data in, this is only a few lines of code to do the Custom Functions required. No huge job. > > Can I build this scenario with mailscanner ? > > Thanks in advance > Matthias - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQA/AwUBRAM9BRH2WUcUFbZUEQKxlwCbB3WOv8v+GwuejKfI0ieCuI4Y2S8AoMBp 2qNMSBvnWtYZFzl7dP5s7S8F =dqo/ -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From jaearick at colby.edu Mon Feb 27 18:13:50 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Mon Feb 27 18:14:01 2006 Subject: 4.51.3 -- Re: Beta 4.51.2: "Use TNEF Contents" In-Reply-To: <4403360D.7020202@nkpanama.com> References: <44032DE7.5030007@ecs.soton.ac.uk> <4403360D.7020202@nkpanama.com> Message-ID: And don't forget the MessageID in the line!! Thanks! Jeff Earickson Colby College On Mon, 27 Feb 2006, Alex Neuman van der Hans wrote: > Date: Mon, 27 Feb 2006 12:25:33 -0500 > From: Alex Neuman van der Hans > Reply-To: MailScanner discussion > To: MailScanner discussion > Subject: Re: 4.51.3 -- Re: Beta 4.51.2: "Use TNEF Contents" > > Would love to see a "replaced filename1.ext and filename2.ext from > winmail.dat", or words to that effect. > > Julian Field wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> No there isn't. What would you like? >> > > -- > > Alex Neuman van der Hans > N&K Technology Consultants > Tel. +507 214-9002 - http://nkpanama.com/ > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From BBourdage at techpro.com Mon Feb 27 18:37:58 2006 From: BBourdage at techpro.com (Barry Bourdage) Date: Mon Feb 27 18:38:02 2006 Subject: Spam Policy per user Message-ID: <2E09A52C9852E24A9A084352AB68F2C5D19868@w2k3-tp.techpro.local> I have helped with one to work with MailWatch, but if you had the database defined, it would run without modifications. Please e-mail me, if you would like the code. Barry -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Monday, February 27, 2006 11:55 AM To: MailScanner discussion Subject: Re: Spam Policy per user -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Matthias Sutter wrote: > Hi, > > our mailscanner installation work very well but now we should > implement a function that the user have the option to change the Spam > properties/handling. > For example there are 3 lists off users: > > the first - the user should get no Spam Spam Actions = delete High Scoring Spam Actions = delete > the second - the user get no high score Spam and all others are marked > in the subject line Spam Actions = deliver High Scoring Spam Actions = delete > and the last and default - no Spam detection and filter is active. Spam Actions = deliver High Scoring Spam Actions = deliver All you need to do is write a bit of support for some sort of backend with a Custom Function for "Spam Actions" and "High Scoring Spam Actions" to produce either the "deliver" or "delete" actions as appropriate. Once you have some sort of a DB backend to store the data in, this is only a few lines of code to do the Custom Functions required. No huge job. > > Can I build this scenario with mailscanner ? > > Thanks in advance > Matthias - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQA/AwUBRAM9BRH2WUcUFbZUEQKxlwCbB3WOv8v+GwuejKfI0ieCuI4Y2S8AoMBp 2qNMSBvnWtYZFzl7dP5s7S8F =dqo/ -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From rpoe at plattesheriff.org Mon Feb 27 19:20:46 2006 From: rpoe at plattesheriff.org (Rob Poe) Date: Mon Feb 27 19:21:14 2006 Subject: OT Advice for server reinstalation In-Reply-To: <000f01c6394c$9b207090$1601a8c0@NBZICHOVSKY2> References: <000f01c6394c$9b207090$1601a8c0@NBZICHOVSKY2> Message-ID: <4402FCAE.65ED.00A2.0@plattesheriff.org> I'd do an upgrade from RH7.x to RH9, then upgrade from RH9 to CentOS But that's just me :) >>> zichovsky@trul.cz 2/24/2006 8:14 AM >>> Hi There! My old RedHat 7 on server is comming to end of life, as some things are not working correctly (but vital services like mail server and MS are still runing OK) so I am preparing for clean neew OS install on same (old) hardware. HW is pretty old, it is PIII900 with 256MB RAM, SCSI HDDs on Mylex AcceleRAID 170 PCI RAID Controller (one RAID0 array) (Yes, I know that 256MB is low, but it realy was enough in our enviroment, swaping occured only in rare occasions.) I can't get new HW, have to use this one. I am asking for advice which Linux distribution and products to use. Distribution have to be completely free (fully downloadable from internet), must be rpm compatible (or other packaging system, but rpm is preffered), must support my old HW (with RAID card), must be "admin friendly" as I am not "big linux guru". Main Services which will be run on server (which are running also now) Sendmail POP3/IMAP (what to use here? Dovecot? Courrier? Something else?) Apache MailScanner SpamAssassin MailWatch Samba WebMin MySQL FireBird DHCP, DNS and firewall are running on other servers I am thinking of Fedora Core 4 distribution. But I am open for other suggestion from more knowlegeable people here. Thanks in advance for suggestions. With regards Pavel Zichovsky (zichovsky@trul) -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From taz at taz-mania.com Mon Feb 27 19:32:41 2006 From: taz at taz-mania.com (Dennis Willson) Date: Mon Feb 27 19:32:47 2006 Subject: Spam Policy per user In-Reply-To: <440335F1.3080508@mailing.kaufland-informationssysteme.com> References: <440335F1.3080508@mailing.kaufland-informationssysteme.com> Message-ID: <440353D9.907@taz-mania.com> This is an easy add-on to MailWatch. I did this and it works well. I have it so that each user can set what to do at the different detection levels (the delivery options) and even set the SpamAssassin scores for each threshold if they want. Matthias Sutter wrote: > Hi, > > our mailscanner installation work very well but now we should > implement a function that the user have the option to change the Spam > properties/handling. > For example there are 3 lists off users: > > the first - the user should get no Spam > the second - the user get no high score Spam and all others are marked > in the subject line > and the last and default - no Spam detection and filter is active. > > Can I build this scenario with mailscanner ? > > Thanks in advance > Matthias -- ---------------------------------- Dennis Willson mailto:taz@taz-mania.com http://www.taz-mania.com -------------- next part -------------- A non-text attachment was scrubbed... Name: taz.vcf Type: text/x-vcard Size: 240 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060227/49da6195/taz.vcf From bpumphrey at WoodMacLaw.com Mon Feb 27 20:06:56 2006 From: bpumphrey at WoodMacLaw.com (Billy A. Pumphrey) Date: Mon Feb 27 20:06:59 2006 Subject: OT: building a new MS machine and stuck at the firewall Message-ID: <04D932B0071FE34FA63EBB1977B48D15D7464D@woodenex.woodmaclaw.local> Well I thought that I was not a newbie, but I am already stuck and having not did anything but install CentOS 4.2. I opted to enable the firewall during the setup, and now I do not even know how to turn it off let alone configure the iptables, as it seems that I need to do. I searched and searched and I really just want to turn it off because it is not directly on the net. Any simple command ex: service firewall stop chkconfig firewall or something to turn it off? Thank you From rcooper at dwford.com Mon Feb 27 20:17:11 2006 From: rcooper at dwford.com (Rick Cooper) Date: Mon Feb 27 20:17:47 2006 Subject: building a new MS machine and stuck at the firewall In-Reply-To: <04D932B0071FE34FA63EBB1977B48D15D7464D@woodenex.woodmaclaw.local> Message-ID: I was thinking CentOS used /etc/init.d/iptables stop then chkconfig --del iptables Rick > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Billy A. > Pumphrey > Sent: Monday, February 27, 2006 3:07 PM > To: MailScanner discussion > Subject: OT: building a new MS machine and stuck at the firewall > > > Well I thought that I was not a newbie, but I am already stuck and > having not did anything but install CentOS 4.2. > > I opted to enable the firewall during the setup, and now I do not even > know how to turn it off let alone configure the iptables, as it seems > that I need to do. I searched and searched and I really just want to > turn it off because it is not directly on the net. > > Any simple command ex: service firewall stop chkconfig firewall or > something to turn it off? > > Thank you > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > = -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From joshua.hirsh at partnersolutions.ca Mon Feb 27 20:18:10 2006 From: joshua.hirsh at partnersolutions.ca (Joshua Hirsh) Date: Mon Feb 27 20:18:14 2006 Subject: OT: building a new MS machine and stuck at the firewall Message-ID: > Any simple command ex: service firewall stop chkconfig firewall or > something to turn it off? Hi Billy, You have a few options: 1) type 'setup' as root and disable the firewall from there 2) type 'service iptables stop', and 'chkconfig iptables off' (this disabled the firewall startup script) 3) for a temporary removal until next reboot, type 'iptables -F' (this flushes out the iptables rules) Cheers, -Joshua From naolson at gmail.com Mon Feb 27 20:18:20 2006 From: naolson at gmail.com (Nathan Olson) Date: Mon Feb 27 20:18:24 2006 Subject: OT: building a new MS machine and stuck at the firewall In-Reply-To: <04D932B0071FE34FA63EBB1977B48D15D7464D@woodenex.woodmaclaw.local> References: <04D932B0071FE34FA63EBB1977B48D15D7464D@woodenex.woodmaclaw.local> Message-ID: <8f54b4330602271218k614f5168pa632a745e6b4bf6b@mail.gmail.com> As root: /sbin/service iptables stop /sbin/chkconfig iptables off Nate From dyioulos at firstbhph.com Mon Feb 27 20:19:11 2006 From: dyioulos at firstbhph.com (Dimitri Yioulos) Date: Mon Feb 27 20:19:17 2006 Subject: OT: building a new MS machine and stuck at the firewall In-Reply-To: <04D932B0071FE34FA63EBB1977B48D15D7464D@woodenex.woodmaclaw.local> References: <04D932B0071FE34FA63EBB1977B48D15D7464D@woodenex.woodmaclaw.local> Message-ID: <200602271519.12006.dyioulos@firstbhph.com> On Monday February 27 2006 3:06 pm, Billy A. Pumphrey wrote: > Well I thought that I was not a newbie, but I am already stuck and > having not did anything but install CentOS 4.2. > > I opted to enable the firewall during the setup, and now I do not even > know how to turn it off let alone configure the iptables, as it seems > that I need to do. I searched and searched and I really just want to > turn it off because it is not directly on the net. > > Any simple command ex: service firewall stop chkconfig firewall or > something to turn it off? > > Thank you > -- "service iptables stop" will stop iptables immediately, but isn't persistent. For that, "chkconfig --level 345 iptables off" should do it. Dimitri -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From rob at robhq.com Mon Feb 27 20:25:11 2006 From: rob at robhq.com (Rob Freeman) Date: Mon Feb 27 20:25:11 2006 Subject: OT: building a new MS machine and stuck at the firewall In-Reply-To: <04D932B0071FE34FA63EBB1977B48D15D7464D@woodenex.woodmaclaw.local> References: <04D932B0071FE34FA63EBB1977B48D15D7464D@woodenex.woodmaclaw.local> Message-ID: <44036027.8020206@robhq.com> service iptables stop chkconfig iptables off You can also run setup from a console and then choose System services to choose what is starting at boot time. Rob Billy A. Pumphrey wrote: > Well I thought that I was not a newbie, but I am already stuck and > having not did anything but install CentOS 4.2. > > I opted to enable the firewall during the setup, and now I do not even > know how to turn it off let alone configure the iptables, as it seems > that I need to do. I searched and searched and I really just want to > turn it off because it is not directly on the net. > > Any simple command ex: service firewall stop chkconfig firewall or > something to turn it off? > > Thank you > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > From MailScanner at ecs.soton.ac.uk Mon Feb 27 20:32:28 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Feb 27 20:32:34 2006 Subject: OT: building a new MS machine and stuck at the firewall In-Reply-To: References: Message-ID: <440361DC.2070604@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Joshua Hirsh wrote: >> Any simple command ex: service firewall stop chkconfig firewall or >> something to turn it off? >> > > > Hi Billy, > > You have a few options: > > 1) type 'setup' as root and disable the firewall from there > 2) type 'service iptables stop', and 'chkconfig iptables off' (this disabled the firewall startup script) > 3) for a temporary removal until next reboot, type 'iptables -F' (this flushes out the iptables rules) > Once you've got iptables in, how do you configure it? Presumably there are some reasonable firewall configuration tools included with RHEL/CentOS? I've always just done it the hard way, any time I've needed it (which is rarely, we have FW-1 connected to an active IDS), but there must be an easy way. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQA/AwUBRANh3RH2WUcUFbZUEQLNAQCg9nXA4V/l/WAU1w57bqtLnBVr8pwAoK4x ZXeOnpzopydwEmppc7JBgj1m =lGQH -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ssilva at sgvwater.com Mon Feb 27 20:43:00 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Feb 27 20:43:34 2006 Subject: OT Advice for server reinstalation In-Reply-To: <4400F47C.7070905@nkpanama.com> References: <02fc01c6394d$f5abf470$1465a8c0@support01> <4400CC6F.7010209@fractalweb.com> <4400F30C.4010205@rogers.com> <4400F47C.7070905@nkpanama.com> Message-ID: Alex Neuman van der Hans spake the following on 2/25/2006 4:21 PM: > > > Mike Jakubik wrote: >> Chris Yuzik wrote: >>> Nigel kendrick wrote: >>>> I'd skip Fedora and put CentOS top of the list - it's a generic >>>> recompile of >>>> Red Hat Advanced Server - I'm running it on 5 servers. >>>> www.centos.org >>>> >>>> NK >>>> >>> I second the motion for CentOS. Our new super server that will be >>> deployed within the week is running CentOS, and I'm extremely impressed. >> >> Even better, dump Linux altogether, and install an OS that works and >> is easy to manage, FreeBSD. >> > Or, in the same line of reasoning, be even *more* intelligent and run > Windows and Exchange! ;) > Now lets not get nasty!! ;-) -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Mon Feb 27 20:48:10 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Feb 27 20:48:44 2006 Subject: OT Advice for server reinstalation In-Reply-To: <4402FCAE.65ED.00A2.0@plattesheriff.org> References: <000f01c6394c$9b207090$1601a8c0@NBZICHOVSKY2> <4402FCAE.65ED.00A2.0@plattesheriff.org> Message-ID: Rob Poe spake the following on 2/27/2006 11:20 AM: > I'd do an upgrade from RH7.x to RH9, then upgrade from RH9 to CentOS > > But that's just me :) > > >>>> zichovsky@trul.cz 2/24/2006 8:14 AM >>> > Hi There! > > My old RedHat 7 on server is comming to end of life, as some things are > not working correctly (but vital services like mail server > and MS are still runing OK) so I am preparing for clean neew OS install <> I have gone the upgrade route before, but I don't recommend it. I only did it because I didn't have the time or hardware to do a fresh install. Maybe you could stick in another hard drive and dual boot for a while until the migration is done. That way a working server is just a 3 fingered salute away! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Mon Feb 27 20:44:45 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Feb 27 20:51:58 2006 Subject: OT Advice for server reinstalation In-Reply-To: <4400F30C.4010205@rogers.com> References: <02fc01c6394d$f5abf470$1465a8c0@support01> <4400CC6F.7010209@fractalweb.com> <4400F30C.4010205@rogers.com> Message-ID: Mike Jakubik spake the following on 2/25/2006 4:15 PM: > Chris Yuzik wrote: >> Nigel kendrick wrote: >>> I'd skip Fedora and put CentOS top of the list - it's a generic >>> recompile of >>> Red Hat Advanced Server - I'm running it on 5 servers. >>> www.centos.org >>> >>> NK >>> >> I second the motion for CentOS. Our new super server that will be >> deployed within the week is running CentOS, and I'm extremely impressed. > > Even better, dump Linux altogether, and install an OS that works and is > easy to manage, FreeBSD. > I have tried a couple times to install FreeBSD to play with it, and keep getting stuck. I guess I need to read another hundred online howto's. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From bpumphrey at WoodMacLaw.com Mon Feb 27 21:03:12 2006 From: bpumphrey at WoodMacLaw.com (Billy A. Pumphrey) Date: Mon Feb 27 21:03:15 2006 Subject: OT: building a new MS machine and stuck at the firewall Message-ID: <04D932B0071FE34FA63EBB1977B48D15D746D7@woodenex.woodmaclaw.local> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Julian Field > Sent: Monday, February 27, 2006 3:32 PM > To: MailScanner discussion > Subject: Re: OT: building a new MS machine and stuck at the firewall > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > Joshua Hirsh wrote: > >> Any simple command ex: service firewall stop chkconfig firewall or > >> something to turn it off? > >> > > > > > > Hi Billy, > > > > You have a few options: > > > > 1) type 'setup' as root and disable the firewall from there > > 2) type 'service iptables stop', and 'chkconfig iptables off' (this > disabled the firewall startup script) > > 3) for a temporary removal until next reboot, type 'iptables -F' (this > flushes out the iptables rules) > > > Once you've got iptables in, how do you configure it? > Presumably there are some reasonable firewall configuration tools > included with RHEL/CentOS? > I've always just done it the hard way, any time I've needed it (which is > rarely, we have FW-1 connected to an active IDS), but there must be an > easy way. > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > Thank you everyone for your answer. I will keep chugging along and see how good I can do following the WIKI and so forth. This is only the third time that I have rebuilt my MailScanner machine and worked with Linux so it is not an easy chore for me. Rest assured I will probably be stuck again somewhere else in the next few days or so. I will need some help on tranfereing my mysql table rows and stuff. The good news is I was able to upgrade from my dual 600mhz to a dual 2.8ghz 2gb ram. That will make my web reports and so forth faster. From dyioulos at firstbhph.com Mon Feb 27 21:28:04 2006 From: dyioulos at firstbhph.com (Dimitri Yioulos) Date: Mon Feb 27 21:28:09 2006 Subject: OT: building a new MS machine and stuck at the firewall In-Reply-To: <04D932B0071FE34FA63EBB1977B48D15D7464D@woodenex.woodmaclaw.local> References: <04D932B0071FE34FA63EBB1977B48D15D7464D@woodenex.woodmaclaw.local> Message-ID: <200602271628.04619.dyioulos@firstbhph.com> On Monday February 27 2006 3:06 pm, Billy A. Pumphrey wrote: > Well I thought that I was not a newbie, but I am already stuck and > having not did anything but install CentOS 4.2. > > I opted to enable the firewall during the setup, and now I do not even > know how to turn it off let alone configure the iptables, as it seems > that I need to do. I searched and searched and I really just want to > turn it off because it is not directly on the net. > > Any simple command ex: service firewall stop chkconfig firewall or > something to turn it off? > > Thank you > -- Actually, that should be "chkconfig --level 2345 iptables off" Dimitri -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From naolson at gmail.com Mon Feb 27 21:51:32 2006 From: naolson at gmail.com (Nathan Olson) Date: Mon Feb 27 21:51:35 2006 Subject: Remove single recipient from multi-recipient envelope. Message-ID: <8f54b4330602271351m505aba7ej5e329e8b2592341b@mail.gmail.com> I need to remove a single recipient from a multi-recipient envelope. I tried a ruleset, highspam.rules: To: *@example.com delete FromOrTo: default deliver High Scoring Spam Actions = highspam When a message comes in that has envelope recipients foo@example.com and bar@somethingelse.com sendmail creates a single queue file and a single data file. I'd like just foo@example.com stripped off before the message is placed in the outgoing sendmail queue. Currently, the whole message is deleted. Is this possible through MailScanner and/or sendmail? Thanks, Nate From glenn.steen at gmail.com Mon Feb 27 22:43:10 2006 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Feb 27 22:43:14 2006 Subject: Remove single recipient from multi-recipient envelope. In-Reply-To: <8f54b4330602271351m505aba7ej5e329e8b2592341b@mail.gmail.com> References: <8f54b4330602271351m505aba7ej5e329e8b2592341b@mail.gmail.com> Message-ID: <223f97700602271443g49f410c1k@mail.gmail.com> On 27/02/06, Nathan Olson wrote: > I need to remove a single recipient from a multi-recipient envelope. > > I tried a ruleset, highspam.rules: > To: *@example.com delete > FromOrTo: default deliver > > High Scoring Spam Actions = highspam > > When a message comes in that has envelope recipients > foo@example.com and bar@somethingelse.com sendmail > creates a single queue file and a single data file. I'd like > just foo@example.com stripped off before the message is placed > in the outgoing sendmail queue. Currently, the whole message > is deleted. > > Is this possible through MailScanner and/or sendmail? > > Thanks, > Nate Why not just make an alias for foo@example.com to /dev/null? Simple and effective:-) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From taz at taz-mania.com Mon Feb 27 22:50:07 2006 From: taz at taz-mania.com (Dennis Willson) Date: Mon Feb 27 22:50:10 2006 Subject: OT: building a new MS machine and stuck at the firewall In-Reply-To: <440361DC.2070604@ecs.soton.ac.uk> References: <440361DC.2070604@ecs.soton.ac.uk> Message-ID: <4403821F.4030503@taz-mania.com> You can use Webmin to manage the IPtables rules. If you're new to managing Linux, Webmin can make life a lot easier. You can also sometimes learn a few things by looking at the config files before and after you do something in Webmin to understand what the configs are really doing. Dennis Julian Field wrote: >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > > > >Joshua Hirsh wrote: > > >>>Any simple command ex: service firewall stop chkconfig firewall or >>>something to turn it off? >>> >>> >>> >>Hi Billy, >> >> You have a few options: >> >> 1) type 'setup' as root and disable the firewall from there >> 2) type 'service iptables stop', and 'chkconfig iptables off' (this disabled the firewall startup script) >> 3) for a temporary removal until next reboot, type 'iptables -F' (this flushes out the iptables rules) >> >> >> >Once you've got iptables in, how do you configure it? >Presumably there are some reasonable firewall configuration tools >included with RHEL/CentOS? >I've always just done it the hard way, any time I've needed it (which is >rarely, we have FW-1 connected to an active IDS), but there must be an >easy way. > >- -- >Julian Field >www.MailScanner.info >Buy the MailScanner book at www.MailScanner.info/store >Professional Support Services at www.MailScanner.biz >MailScanner thanks transtec Computers for their support > >PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > >-----BEGIN PGP SIGNATURE----- >Version: PGP Desktop 9.0.5 (Build 5050) > >iQA/AwUBRANh3RH2WUcUFbZUEQLNAQCg9nXA4V/l/WAU1w57bqtLnBVr8pwAoK4x >ZXeOnpzopydwEmppc7JBgj1m >=lGQH >-----END PGP SIGNATURE----- > > > -- ---------------------------------- Dennis Willson mailto:taz@taz-mania.com http://www.taz-mania.com -------------- next part -------------- A non-text attachment was scrubbed... Name: taz.vcf Type: text/x-vcard Size: 240 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060227/1cbd8e1e/taz.vcf From drolland at kdinet.com Mon Feb 27 22:57:20 2006 From: drolland at kdinet.com (Diane Rolland) Date: Mon Feb 27 22:57:26 2006 Subject: Outlook RTF in MS version 4.50.15-1 Message-ID: <009001c63bf1$2bad69a0$6500a8c0@kdinet.local> I know there is a thread about the upcoming "Add TNEF Contents" in the beta version, but I just upgraded to 4.50.15-1 over the weekend. Today, I'm seeing the following: MailScanner: No Outlook Rich Text Format messages due to security hole use HTML instead (winmail.dat) Is there a workaround for me until I can upgrade to the version that will include the TNEF Contents feature? I have most of the users now using HTML rather than RTF, but still sometimes get legitamate email inbound in RTF. Any suggestions? Thanks!, Diane From mikej at rogers.com Mon Feb 27 23:08:12 2006 From: mikej at rogers.com (Mike Jakubik) Date: Mon Feb 27 23:07:54 2006 Subject: OT Advice for server reinstalation In-Reply-To: References: <02fc01c6394d$f5abf470$1465a8c0@support01> <4400CC6F.7010209@fractalweb.com> <4400F30C.4010205@rogers.com> Message-ID: <4403865C.3060205@rogers.com> Scott Silva wrote: > Mike Jakubik spake the following on 2/25/2006 4:15 PM: > >> Chris Yuzik wrote: >> >>> Nigel kendrick wrote: >>> >>>> I'd skip Fedora and put CentOS top of the list - it's a generic >>>> recompile of >>>> Red Hat Advanced Server - I'm running it on 5 servers. >>>> www.centos.org >>>> >>>> NK >>>> >>>> >>> I second the motion for CentOS. Our new super server that will be >>> deployed within the week is running CentOS, and I'm extremely impressed. >>> >> Even better, dump Linux altogether, and install an OS that works and is >> easy to manage, FreeBSD. >> >> > I have tried a couple times to install FreeBSD to play with it, and keep > getting stuck. I guess I need to read another hundred online howto's. > > Where do you get stuck? It takes me 5 min to install FreeBSD, most Linux distros take 20 and install crap i don't want/will never use. I don't know why you want to read a hundred howto's, there is only one freebsd handbook ,which should address any questions for people new to it. The ports are easy as pie to install. From mikej at rogers.com Mon Feb 27 23:14:52 2006 From: mikej at rogers.com (Mike Jakubik) Date: Mon Feb 27 23:14:30 2006 Subject: OT Advice for server reinstalation In-Reply-To: <4402FCAE.65ED.00A2.0@plattesheriff.org> References: <000f01c6394c$9b207090$1601a8c0@NBZICHOVSKY2> <4402FCAE.65ED.00A2.0@plattesheriff.org> Message-ID: <440387EC.5000403@rogers.com> > Hi There! > > My old RedHat 7 on server is comming to end of life, as some things are > not working correctly (but vital services like mail server > and MS are still runing OK) so I am preparing for clean neew OS install > on same (old) hardware. > > HW is pretty old, it is PIII900 with 256MB RAM, SCSI HDDs on Mylex > AcceleRAID 170 PCI RAID Controller (one RAID0 array) > (Yes, I know that 256MB is low, but it realy was enough in our > enviroment, swaping occured only in rare occasions.) I can't get new > HW, have to use this one. > > I am asking for advice which Linux distribution and products to use. > > Distribution have to be completely free (fully downloadable from > internet), > FreeBSD, bsd license. But stick with what you know best, as that will always be the best solution for you. This is just my recommendation. > must be rpm compatible (or other packaging system, but rpm is > preffered), > must support my old HW (with RAID card), > FreeBSD has ports that will have all the software you need, and your HW should be supported just fine. > must be "admin friendly" as I am not "big linux guru". > Well, this is relative. > Main Services which will be run on server (which are running also now) > Sendmail > POP3/IMAP (what to use here? Dovecot? Courrier? Something else?) > Dovecot and Courier are probably your best choices. > Apache > MailScanner > SpamAssassin > MailWatch > Samba > WebMin > MySQL > FireBird > > DHCP, DNS and firewall are running on other servers > > I am thinking of Fedora Core 4 distribution. But I am open for other > suggestion from more knowlegeable people here. > > Thanks in advance for suggestions. > FreeBSD doesn't install much of the bloat that Linux does by default, so it should be well suited for your older hardware. If you go with Linux, make sure you install only what you need, and disable unused services such as nfs, rpc, etc... From ssilva at sgvwater.com Mon Feb 27 23:14:31 2006 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Feb 27 23:14:53 2006 Subject: OT Advice for server reinstalation In-Reply-To: <4403865C.3060205@rogers.com> References: <02fc01c6394d$f5abf470$1465a8c0@support01> <4400CC6F.7010209@fractalweb.com> <4400F30C.4010205@rogers.com> <4403865C.3060205@rogers.com> Message-ID: Mike Jakubik spake the following on 2/27/2006 3:08 PM: > Scott Silva wrote: >> Mike Jakubik spake the following on 2/25/2006 4:15 PM: >> >>> Chris Yuzik wrote: >>> >>>> Nigel kendrick wrote: >>>> >>>>> I'd skip Fedora and put CentOS top of the list - it's a generic >>>>> recompile of >>>>> Red Hat Advanced Server - I'm running it on 5 servers. >>>>> www.centos.org >>>>> >>>>> NK >>>>> >>>> I second the motion for CentOS. Our new super server that will be >>>> deployed within the week is running CentOS, and I'm extremely >>>> impressed. >>>> >>> Even better, dump Linux altogether, and install an OS that works and is >>> easy to manage, FreeBSD. >>> >>> >> I have tried a couple times to install FreeBSD to play with it, and keep >> getting stuck. I guess I need to read another hundred online howto's. >> >> > > Where do you get stuck? It takes me 5 min to install FreeBSD, most Linux > distros take 20 and install crap i don't want/will never use. I don't > know why you want to read a hundred howto's, there is only one freebsd > handbook > ,which should address any questions for people new to it. The ports are > easy as pie to install. > I was trying to get it going in VMWare to play with it, and never got it to boot. Maybe I will try 5.3 again. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From drew at themarshalls.co.uk Mon Feb 27 23:18:12 2006 From: drew at themarshalls.co.uk (Drew Marshall) Date: Mon Feb 27 23:18:19 2006 Subject: Outlook RTF in MS version 4.50.15-1 In-Reply-To: <009001c63bf1$2bad69a0$6500a8c0@kdinet.local> References: <009001c63bf1$2bad69a0$6500a8c0@kdinet.local> Message-ID: On 27 Feb 2006, at 22:57, Diane Rolland wrote: > I know there is a thread about the upcoming "Add TNEF Contents" in > the beta > version, but I just upgraded to 4.50.15-1 over the weekend. > > Today, I'm seeing the following: > > MailScanner: No Outlook Rich Text Format messages due to security hole > use HTML instead (winmail.dat) > > > Is there a workaround for me until I can upgrade to the version > that will > include the TNEF Contents feature? Check your filename.rules.conf and filetype.rules.conf files. You will see the entries in these. Just comment out the lines you don't want and re-start MailScanner. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From mikej at rogers.com Mon Feb 27 23:26:03 2006 From: mikej at rogers.com (Mike Jakubik) Date: Mon Feb 27 23:25:43 2006 Subject: OT Advice for server reinstalation In-Reply-To: References: <02fc01c6394d$f5abf470$1465a8c0@support01> <4400CC6F.7010209@fractalweb.com> <4400F30C.4010205@rogers.com> <4403865C.3060205@rogers.com> Message-ID: <44038A8B.5000302@rogers.com> Scott Silva wrote: >> Where do you get stuck? It takes me 5 min to install FreeBSD, most Linux >> distros take 20 and install crap i don't want/will never use. I don't >> know why you want to read a hundred howto's, there is only one freebsd >> handbook >> ,which should address any questions for people new to it. The ports are >> easy as pie to install. >> >> > I was trying to get it going in VMWare to play with it, and never got it to > boot. Maybe I will try 5.3 again. > > Thats a pretty old release, i would recommend you try the shortly upcoming 6.1, or 5.5 instead. I never personally ran VMware myself, but im pretty sure it should work ok. From drew at themarshalls.co.uk Mon Feb 27 23:25:43 2006 From: drew at themarshalls.co.uk (Drew Marshall) Date: Mon Feb 27 23:25:55 2006 Subject: OT Advice for server reinstalation In-Reply-To: References: <02fc01c6394d$f5abf470$1465a8c0@support01> <4400CC6F.7010209@fractalweb.com> <4400F30C.4010205@rogers.com> <4403865C.3060205@rogers.com> Message-ID: On 27 Feb 2006, at 23:14, Scott Silva wrote: > I was trying to get it going in VMWare to play with it, and never > got it to > boot. Maybe I will try 5.3 again. I wouldn't. The latest stable is 6. 5.3 in fact the whole 5.x weren't 'special' version releases. Certainly on my machines FBSD 6 works well. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy From steve.swaney at fsl.com Mon Feb 27 23:33:41 2006 From: steve.swaney at fsl.com (Stephen Swaney) Date: Mon Feb 27 23:33:44 2006 Subject: OT Advice for server reinstalation In-Reply-To: <4403865C.3060205@rogers.com> Message-ID: <0a7101c63bf6$3e0d2400$287ba8c0@office.fsl> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Mike Jakubik > Sent: Monday, February 27, 2006 6:08 PM > To: MailScanner discussion > Subject: Re: OT Advice for server reinstalation > > Scott Silva wrote: > > Mike Jakubik spake the following on 2/25/2006 4:15 PM: > > > >> Chris Yuzik wrote: > >> > >>> Nigel kendrick wrote: > >>> > >>>> I'd skip Fedora and put CentOS top of the list - it's a generic > >>>> recompile of > >>>> Red Hat Advanced Server - I'm running it on 5 servers. > >>>> www.centos.org > >>>> > >>>> NK > >>>> > >>>> > >>> I second the motion for CentOS. Our new super server that will be > >>> deployed within the week is running CentOS, and I'm extremely > impressed. > >>> > >> Even better, dump Linux altogether, and install an OS that works and is > >> easy to manage, FreeBSD. > >> > >> > > I have tried a couple times to install FreeBSD to play with it, and keep > > getting stuck. I guess I need to read another hundred online howto's. > > > > > > Where do you get stuck? It takes me 5 min to install FreeBSD, most Linux > distros take 20 and install crap i don't want/will never use. I don't > know why you want to read a hundred howto's, there is only one freebsd > handbook > ,which should address any questions for people new to it. The ports are > easy as pie to install. > As someone from the "states" I understand that Religious wars just get us into a lot trouble :) I've worked with a lot of different distributions and operating systems for well over 20 years now. They all have pluses and minuses. I use FreeBSD for routers and machines I just want to "set and forget" for the very valid reasons you list above. I also use a flavor of FreeBSD on my Mac laptop :) which I really enjoy. I use CentOS on our MailScanner gateways because I personally find it the easiest combo to keep updated - thanks to Julian's pre-digested easy rpm based updates. I completely agree with your statement "install crap i don't want/will never use". I always do a minimal install of CentOS and then `yum install` anything else that the Applications require. The minimal install takes about 10 minutes and frankly the CentOS `yum install` is faster the Red Hat's up2date or FreeBDS port installations. Dependencies are also very nicely handled. You can even script the installation the additional packages that are required for a typical MailScanner / SpamAssassin / MailWatch / Rules_du_Jour / Pyzor / Razor / DCC site setup. Bottom line: Go with what you're comfortable with and spend some time to understand the pros and cons of different operating systems. Use the right tool for the job but understand what tools are available. Let's let reason prevail, get well informed and then let everyone pick their own "Flavor" :) Best regards, Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com From mikej at rogers.com Mon Feb 27 23:48:42 2006 From: mikej at rogers.com (Mike Jakubik) Date: Mon Feb 27 23:48:20 2006 Subject: OT Advice for server reinstalation In-Reply-To: <0a7101c63bf6$3e0d2400$287ba8c0@office.fsl> References: <0a7101c63bf6$3e0d2400$287ba8c0@office.fsl> Message-ID: <44038FDA.4000508@rogers.com> Stephen Swaney wrote: > As someone from the "states" I understand that Religious wars just get us > into a lot trouble :) > > Hehe, indeed. > I've worked with a lot of different distributions and operating systems for > well over 20 years now. They all have pluses and minuses. > > I use FreeBSD for routers and machines I just want to "set and forget" for > the very valid reasons you list above. I also use a flavor of FreeBSD on my > Mac laptop :) which I really enjoy. > > I use CentOS on our MailScanner gateways because I personally find it the > easiest combo to keep updated - thanks to Julian's pre-digested easy rpm > based updates. > cd /usr/ports/mail/mailscanner && make install :) > I completely agree with your statement "install crap i don't want/will never > use". I always do a minimal install of CentOS and then `yum install` > anything else that the Applications require. The minimal install takes about > 10 minutes and frankly the CentOS `yum install` is faster the Red Hat's > up2date or FreeBDS port installations. Dependencies are also very nicely > handled. You can even script the installation the additional packages that > are required for a typical MailScanner / SpamAssassin / MailWatch / > Rules_du_Jour / Pyzor / Razor / DCC site setup. > > You can also use pkg_add -r if you don't want to have the software compiled, this will deal with all the dependencies as well. The mailscanner port lest you choose if you want spamassassin , etc installed. So it's all really similar. > Bottom line: Go with what you're comfortable with and spend some time to > understand the pros and cons of different operating systems. Use the right > tool for the job but understand what tools are available. > > Let's let reason prevail, get well informed and then let everyone pick their > own "Flavor" :) > Agreed, no OS is prefect, they all have their strengths and weaknesses. So use what you are best with. From shrek-m at gmx.de Tue Feb 28 01:12:09 2006 From: shrek-m at gmx.de (shrek-m@gmx.de) Date: Tue Feb 28 01:12:11 2006 Subject: OT: building a new MS machine and stuck at the firewall In-Reply-To: <440361DC.2070604@ecs.soton.ac.uk> References: <440361DC.2070604@ecs.soton.ac.uk> Message-ID: <4403A369.9000409@gmx.de> On 27.02.2006 21:32, Julian Field wrote: >Once you've got iptables in, how do you configure it? >Presumably there are some reasonable firewall configuration tools >included with RHEL/CentOS? > - afair iptables via `system-config-securitylevel` or `setup` selinux via `system-config-securitylevel` ipsec via `system-config-network` - you can edit /etc/sysconfig/iptables* by hand - execute your iptables rules and save it with `iptables-save` and check the new /etc/sysconfig/iptables. i am no expert but iirc you can setup your custom chain and process it before the rh fw chain, eg. iptables -N MS iptables -I INPUT 1 -j MS iptables -A MS your_rules -j ACCEPT service iptables save - i prefer to stop the iptables service and start my own iptables-script via /etc/rc.local eg. iptables -t filter -P INPUT DROP iptables -t filter -P OUTPUT DROP iptables -t filter -A INPUT ... -p tcp -m multiport --dport ... -j ACCEPT iptables -t filter -A OUTPUT ... -p tcp -m multiport --sport ... -j ACCEPT ... -- shrek-m From dmehler26 at woh.rr.com Tue Feb 28 03:25:01 2006 From: dmehler26 at woh.rr.com (Dave) Date: Tue Feb 28 03:34:54 2006 Subject: OT: building a new MS machine and stuck at the firewall References: <440361DC.2070604@ecs.soton.ac.uk> Message-ID: <003b01c63c16$8f758ab0$0200a8c0@satellite> Hi, I'd be very interested in knowing about a config utility for iptables. I've got two boxes, primary and secondary nameservers running bind9 that iptables when running does not allow zone queries and i'm getting flickering timeouts. I'm also getting a new CentOS box within the next 1 to two weeks that will be a dedicated mail server, ms-mta-sa-the works and i'd like to not have to fight the firewall. Thanks. Dave. ----- Original Message ----- From: "Julian Field" To: "MailScanner discussion" Sent: Monday, February 27, 2006 3:32 PM Subject: Re: OT: building a new MS machine and stuck at the firewall > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > Joshua Hirsh wrote: >>> Any simple command ex: service firewall stop chkconfig firewall or >>> something to turn it off? >>> >> >> >> Hi Billy, >> >> You have a few options: >> >> 1) type 'setup' as root and disable the firewall from there >> 2) type 'service iptables stop', and 'chkconfig iptables off' (this >> disabled the firewall startup script) >> 3) for a temporary removal until next reboot, type 'iptables -F' (this >> flushes out the iptables rules) >> > Once you've got iptables in, how do you configure it? > Presumably there are some reasonable firewall configuration tools > included with RHEL/CentOS? > I've always just done it the hard way, any time I've needed it (which is > rarely, we have FW-1 connected to an active IDS), but there must be an > easy way. > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.5 (Build 5050) > > iQA/AwUBRANh3RH2WUcUFbZUEQLNAQCg9nXA4V/l/WAU1w57bqtLnBVr8pwAoK4x > ZXeOnpzopydwEmppc7JBgj1m > =lGQH > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From alex at nkpanama.com Tue Feb 28 06:00:04 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Tue Feb 28 05:59:34 2006 Subject: OT Advice for server reinstalation In-Reply-To: <4402FCAE.65ED.00A2.0@plattesheriff.org> References: <000f01c6394c$9b207090$1601a8c0@NBZICHOVSKY2> <4402FCAE.65ED.00A2.0@plattesheriff.org> Message-ID: <4403E6E4.5030500@nkpanama.com> I'd back up all the relevant data and configs and start from scratch. Rob Poe wrote: > I'd do an upgrade from RH7.x to RH9, then upgrade from RH9 to CentOS > > But that's just me :) > > > >>>> zichovsky@trul.cz 2/24/2006 8:14 AM >>> >>>> > Hi There! > > My old RedHat 7 on server is comming to end of life, as some things are > not working correctly (but vital services like mail server > and MS are still runing OK) so I am preparing for clean neew OS install > on same (old) hardware. > > HW is pretty old, it is PIII900 with 256MB RAM, SCSI HDDs on Mylex > AcceleRAID 170 PCI RAID Controller (one RAID0 array) > (Yes, I know that 256MB is low, but it realy was enough in our > enviroment, swaping occured only in rare occasions.) I can't get new > HW, have to use this one. > > I am asking for advice which Linux distribution and products to use. > > Distribution have to be completely free (fully downloadable from > internet), > must be rpm compatible (or other packaging system, but rpm is > preffered), > must support my old HW (with RAID card), > must be "admin friendly" as I am not "big linux guru". > > Main Services which will be run on server (which are running also now) > Sendmail > POP3/IMAP (what to use here? Dovecot? Courrier? Something else?) > Apache > MailScanner > SpamAssassin > MailWatch > Samba > WebMin > MySQL > FireBird > > DHCP, DNS and firewall are running on other servers > > I am thinking of Fedora Core 4 distribution. But I am open for other > suggestion from more knowlegeable people here. > > Thanks in advance for suggestions. > > With regards > Pavel Zichovsky (zichovsky@trul) > > > -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060228/ef168a4f/attachment.html From mailscanner at PDSCC.COM Tue Feb 28 07:49:48 2006 From: mailscanner at PDSCC.COM (Harondel J. Sibble) Date: Tue Feb 28 07:49:56 2006 Subject: OT: building a new MS machine and stuck at the firewall In-Reply-To: <440361DC.2070604@ecs.soton.ac.uk> References: Message-ID: <200603031915.LAA21781@sheridan.sibble.net> On 27 Feb 2006 at 20:32, Julian Field wrote: > Once you've got iptables in, how do you configure it? > Presumably there are some reasonable firewall configuration tools > included with RHEL/CentOS? Well you can do it from the cli, or use the system-config-securitylevel (IIRC) tool, however this tool is VERY basic. Personally I prefer to install shorewall and webmin, disable the RHEL firewall and do all the shorewall configuration via webmin. -- Harondel J. Sibble Sibble Computer Consulting Creating solutions for the small business and home computer user. help@pdscc.com (use pgp keyid 0x3AD5C11D) http://www.pdscc.com (604) 739-3709 (voice/fax) (604) 686-2253 (pager) From Andreas.Doerfler at kempten.de Tue Feb 28 08:19:20 2006 From: Andreas.Doerfler at kempten.de (=?iso-8859-1?Q?D=F6rfler_Andreas?=) Date: Tue Feb 28 08:19:25 2006 Subject: ubuntu howto ? Message-ID: hey list, just a short question are there any howtos for ms + ubuntu installation ? or is there anything special i need to know (like the permissions error http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:postfix:installation ) greetings andy --free your mind, use open source http://www.mono-project.com ASCII ribbon campaign ( ) - against HTML email X & vCards / \ From michele at blacknight.ie Tue Feb 28 08:31:11 2006 From: michele at blacknight.ie (Michele Neylon:: Blacknight.ie) Date: Tue Feb 28 08:31:12 2006 Subject: ubuntu howto ? In-Reply-To: References: Message-ID: <44040A4F.5090409@blacknight.ie> D?rfler Andreas wrote: > hey list, > > just a short question > > are there any howtos for ms + ubuntu installation ? > > or is there anything special i need to know > (like the permissions error > http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:postfix:installation ) > Just follow any instructions for debian. It *should* be the same or very similar -- Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 From Andreas.Doerfler at kempten.de Tue Feb 28 08:34:09 2006 From: Andreas.Doerfler at kempten.de (=?iso-8859-1?Q?D=F6rfler_Andreas?=) Date: Tue Feb 28 08:34:15 2006 Subject: ubuntu howto ? Message-ID: ok, i?ll try it on a xen system thanks michele greetings andy --free your mind, use open source http://www.mono-project.com ASCII ribbon campaign ( ) - against HTML email X & vCards / \ > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Michele Neylon:: Blacknight.ie > Sent: Tuesday, February 28, 2006 9:31 AM > To: MailScanner discussion > Subject: Re: ubuntu howto ? > > D?rfler Andreas wrote: > > hey list, > > > > just a short question > > > > are there any howtos for ms + ubuntu installation ? > > > > or is there anything special i need to know (like the permissions > > error > > > http://wiki.mailscanner.info/doku.php?id=documentation:configuration:m > > ta:postfix:installation ) > > > Just follow any instructions for debian. It *should* be the > same or very similar > > -- > Mr Michele Neylon > Blacknight Solutions > Quality Business Hosting & Colocation > http://www.blacknight.ie/ > Tel. 1850 927 280 > Intl. +353 (0) 59 9183072 > Direct Dial: +353 (0)59 9183090 > Fax. +353 (0) 59 9164239 > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From strydom.dave at gmail.com Tue Feb 28 08:58:04 2006 From: strydom.dave at gmail.com (Dave Strydom) Date: Tue Feb 28 08:58:08 2006 Subject: seems like a bug in the spam cache thing Message-ID: Hi, please refer to the attached picture, if not, let me know and i'll put it on the web. Basically an email gets picked up as spam with a spam score of like 19, the next message the comes in, has this message: Feb 28 09:05:42 Cerberus MailScanner[22928]: Saved archive copies of 1FDyvT-0006SE-Nn Feb 28 09:05:42 Cerberus MailScanner[22928]: SpamAssassin cache hit for message 1FDyvT-0006SE-Nn Feb 28 09:05:42 Cerberus MailScanner[22928]: Message 1FDyvT-0006SE-Nn from 220.104.253.235 (cleopatr@akeva.com) to xxxxxxxxxx.com is not spam, Feb 28 09:05:45 Cerberus MailScanner[22928]: Logging message 1FDyvT-0006SE-Nn to SQL Feb 28 09:05:45 Cerberus MailScanner[350]: 1FDyvT-0006SE-Nn: Logged to MailWatch SQL Mailwatch shows that the message has a score of 19, but it's marked as clean and mailscanner delivers it, the contains the exact same content as the previous message which was picked up as spam 30 seconds again. I am now see'ing messages with scores of 50 being seen as clean because of this SpamAssassin cache hit thing. Dave. -------------- next part -------------- A non-text attachment was scrubbed... Name: wtfmailscanner.JPG Type: image/jpeg Size: 45452 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060228/864d45b4/wtfmailscanner-0001.jpe From MailScanner at ecs.soton.ac.uk Tue Feb 28 09:24:14 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Feb 28 09:24:26 2006 Subject: OT: building a new MS machine and stuck at the firewall In-Reply-To: <4403821F.4030503@taz-mania.com> References: <440361DC.2070604@ecs.soton.ac.uk> <4403821F.4030503@taz-mania.com> Message-ID: <7EE0254D-DDB1-4E52-A7E1-B78C6CF89C47@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- On 27 Feb 2006, at 22:50, Dennis Willson wrote: > If you're new to managing Linux, Yeah, a bit, only been doing it since we first opened our public 24x7 Linux lab back in 1993. :-) Thanks for the thought though ;-> > Webmin can make life a lot easier. You can also sometimes learn a > few things by looking at the config files before and after you do > something in Webmin to understand what the configs are really doing. > > Dennis > > Julian Field wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> >> >> Joshua Hirsh wrote: >> >>>> Any simple command ex: service firewall stop chkconfig firewall or >>>> something to turn it off? >>>> >>> Hi Billy, >>> >>> You have a few options: >>> >>> 1) type 'setup' as root and disable the firewall from there >>> 2) type 'service iptables stop', and 'chkconfig iptables >>> off' (this disabled the firewall startup script) >>> 3) for a temporary removal until next reboot, type 'iptables - >>> F' (this flushes out the iptables rules) >>> >> Once you've got iptables in, how do you configure it? >> Presumably there are some reasonable firewall configuration tools >> included with RHEL/CentOS? >> I've always just done it the hard way, any time I've needed it >> (which is rarely, we have FW-1 connected to an active IDS), but >> there must be an easy way. >> >> - -- Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> Professional Support Services at www.MailScanner.biz >> MailScanner thanks transtec Computers for their support >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> -----BEGIN PGP SIGNATURE----- >> Version: PGP Desktop 9.0.5 (Build 5050) >> >> iQA/AwUBRANh3RH2WUcUFbZUEQLNAQCg9nXA4V/l/WAU1w57bqtLnBVr8pwAoK4x >> ZXeOnpzopydwEmppc7JBgj1m >> =lGQH >> -----END PGP SIGNATURE----- >> >> > > -- > > ---------------------------------- > Dennis Willson > mailto:taz@taz-mania.com > http://www.taz-mania.com > > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQEVAwUBRAQWwvw32o+k+q+hAQE6oAf/T+xeRlFNT077Mn5R0E4fU2iliTH/f8Ma ipbTFnbx4tlhM4j8atIaGcXwobUaJPt1KJ/7GElraGprdVFnzao6xbg0tUzVUJJg X1PuXfcGJOkhOLB7iAEKag3TgpUg3vmqdPT5bWFow/xorDmoBRe3Ep46hQD54ivg aAn63zXhyQooZshl4STLV34uUOXkdZUfS7DzRbwXA+ebdxcaIdzg7nsisY0SQAfx +N8pJkX93tLEks9owdikP+VLEgusrPwRNbUvDd3uGecvkCJ9crdlCLA3g3ixwqQA I9mC2EMrm/4M471pmKB2gVArF1uKdzntjaC+gFakNaoeUhJeTlbmDg== =lKOL -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From P.G.M.Peters at utwente.nl Tue Feb 28 09:44:57 2006 From: P.G.M.Peters at utwente.nl (Peter Peters) Date: Tue Feb 28 09:45:00 2006 Subject: 4.51.3 -- Re: Beta 4.51.2: "Use TNEF Contents" In-Reply-To: References: <44032DE7.5030007@ecs.soton.ac.uk> <4403360D.7020202@nkpanama.com> Message-ID: <44041B99.9080300@utwente.nl> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Jeff A. Earickson wrote on 27-2-2006 19:13: > And don't forget the MessageID in the line!! Thanks! You mean the Queue-ID. And it shouldn't only show "replaced" but also "added" if that was the action. - -- Peter Peters, senior beheerder (Security) Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE) Universiteit Twente, Postbus 217, 7500 AE Enschede telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/itbe -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFEBBuZelLo80lrIdIRAii0AJ4+ZIHhS0CFelzv22oHj9IL+oh1dgCdGR2W jK/6S6DjbxtPAe8qn+lyElI= =IkYP -----END PGP SIGNATURE----- From MailScanner at ecs.soton.ac.uk Tue Feb 28 09:54:21 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Feb 28 09:54:31 2006 Subject: 4.51.3 -- Re: Beta 4.51.2: "Use TNEF Contents" In-Reply-To: <44041B99.9080300@utwente.nl> References: <44032DE7.5030007@ecs.soton.ac.uk> <4403360D.7020202@nkpanama.com> <44041B99.9080300@utwente.nl> Message-ID: <3BF35550-A91B-49F0-8A5F-808146079F4E@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- On 28 Feb 2006, at 09:44, Peter Peters wrote: > * PGP Signed by an unverified key: 02/28/06 at 09:44:57 > > Jeff A. Earickson wrote on 27-2-2006 19:13: >> And don't forget the MessageID in the line!! Thanks! > > You mean the Queue-ID. And it shouldn't only show "replaced" but also > "added" if that was the action. The removal of the winmail.dat is done in a totally different place from the addition of the TNEF attachments. So I would have to re- evaluate the config option (which could potentially involve a lot of work) just for the log line. I'm currently leaning towards listing the queue-id and the TNEF attachment files that were added. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQEVAwUBRAQd0Pw32o+k+q+hAQGNjwgAmIuiT/TgeeDIzR9Jo+sBoWQFeTrj0zCH F80ZqNSadGBvANkcx8HtiDmAxVDxccOKQ19SPTX72BcPMlwP3WmhNgypwbK7nr3A jdiTwuXVcQ3zqYHNmyOR1nEfohe1Dj50N1hYhsSO7QTJRgwuFsqz3wjZO2HLMteu TqNxhMA2bkTyEn0P8q6YMWGiJP1zDYTjse3SgJCgqXilWndd3uHCpfie/JyTIHNC fSdfGq9MfbEY65bmvwz232Q8oSvhxJPuaGwF9bfMqd/+mlHNgKPbod8PGy7wY6HE pq8BtMdXJdKHAALNMd0YLXIkhI/fujvPOI7TPUj7pbw0yZ1xdC0/HA== =LwZs -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ram at netcore.co.in Tue Feb 28 10:09:26 2006 From: ram at netcore.co.in (Ramprasad) Date: Tue Feb 28 10:09:29 2006 Subject: seems like a bug in the spam cache thing In-Reply-To: References: Message-ID: <1141121366.4695.29.camel@darkstar.netcore.co.in> On Tue, 2006-02-28 at 10:58 +0200, Dave Strydom wrote: > Hi, > > please refer to the attached picture, if not, let me know and i'll put > it on the web. > > Basically an email gets picked up as spam with a spam score of like > 19, the next message the comes in, has this message: > Look at the maillog for both the mails. See what rules hit the second mail and missed the first. Most likely these are dns checks. all the RCVD_IN_* checks Even on my server I get same mails with different scores and they are because of inconsistent scores by the dns checks, though we run a caching nameserver. I think these dns servers are not always available so that makes the difference. Thanks Ram From P.G.M.Peters at utwente.nl Tue Feb 28 10:09:55 2006 From: P.G.M.Peters at utwente.nl (Peter Peters) Date: Tue Feb 28 10:09:59 2006 Subject: 4.51.3 -- Re: Beta 4.51.2: "Use TNEF Contents" In-Reply-To: <3BF35550-A91B-49F0-8A5F-808146079F4E@ecs.soton.ac.uk> References: <44032DE7.5030007@ecs.soton.ac.uk> <4403360D.7020202@nkpanama.com> <44041B99.9080300@utwente.nl> <3BF35550-A91B-49F0-8A5F-808146079F4E@ecs.soton.ac.uk> Message-ID: <44042173.1080503@utwente.nl> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Julian Field wrote on 28-2-2006 10:54: >>>You mean the Queue-ID. And it shouldn't only show "replaced" but also >>>"added" if that was the action. > > The removal of the winmail.dat is done in a totally different place > from the addition of the TNEF attachments. So I would have to re- > evaluate the config option (which could potentially involve a lot of > work) just for the log line. I'm currently leaning towards listing > the queue-id and the TNEF attachment files that were added. This would mean one line where you tell the winmail.dat was removed and another were you state the files added? If both contain the queueID this would be enough. - -- Peter Peters, senior beheerder (Security) Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE) Universiteit Twente, Postbus 217, 7500 AE Enschede telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/itbe -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFEBCFzelLo80lrIdIRAptoAJoCdEdHGz9FG9now2zPRxw2s61DMwCbB2zH +Hiwb6YdO/uioq2Mm4GBEs0= =iQqP -----END PGP SIGNATURE----- From darren at torsion.co.uk Tue Feb 28 10:21:12 2006 From: darren at torsion.co.uk (Darren Walker) Date: Tue Feb 28 10:21:15 2006 Subject: OT Advice for server reinstalation In-Reply-To: <4403E6E4.5030500@nkpanama.com> Message-ID: <006601c63c50$b36838c0$6501a8c0@lappy> Hi If you are looking for an easy install with a etc. http://www.nuonce.net/bluequartz.php darren _____ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Alex Neuman van der Hans Sent: 28 February 2006 06:00 To: MailScanner discussion Subject: Re: OT Advice for server reinstalation I'd back up all the relevant data and configs and start from scratch. Rob Poe wrote: I'd do an upgrade from RH7.x to RH9, then upgrade from RH9 to CentOS But that's just me :) zichovsky@trul.cz 2/24/2006 8:14 AM >>> Hi There! My old RedHat 7 on server is comming to end of life, as some things are not working correctly (but vital services like mail server and MS are still runing OK) so I am preparing for clean neew OS install on same (old) hardware. HW is pretty old, it is PIII900 with 256MB RAM, SCSI HDDs on Mylex AcceleRAID 170 PCI RAID Controller (one RAID0 array) (Yes, I know that 256MB is low, but it realy was enough in our enviroment, swaping occured only in rare occasions.) I can't get new HW, have to use this one. I am asking for advice which Linux distribution and products to use. Distribution have to be completely free (fully downloadable from internet), must be rpm compatible (or other packaging system, but rpm is preffered), must support my old HW (with RAID card), must be "admin friendly" as I am not "big linux guru". Main Services which will be run on server (which are running also now) Sendmail POP3/IMAP (what to use here? Dovecot? Courrier? Something else?) Apache MailScanner SpamAssassin MailWatch Samba WebMin MySQL FireBird DHCP, DNS and firewall are running on other servers I am thinking of Fedora Core 4 distribution. But I am open for other suggestion from more knowlegeable people here. Thanks in advance for suggestions. With regards Pavel Zichovsky (zichovsky@trul) -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ -- This message has been scanned for viruses and dangerous content by Torsion Internet Ltd, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by Torsion Internet Ltd, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060228/b9a60ea4/attachment.html From evanderleun at hal9000.nl Tue Feb 28 10:30:51 2006 From: evanderleun at hal9000.nl (Erik van der Leun) Date: Tue Feb 28 10:31:07 2006 Subject: delay in sending after restart Message-ID: Hi, I've seen it more often, that after a restart of MailScanner, it takes quite a while before mails actually get sent out... Mail is accepted, mail is scanned... but not sent through. It took about 2 minutes before the first mail really got sent out. This doesn't always occur at a restart though... not even that often either. What can I do to debug this process... to see what MailScanner is waiting for? (I'd rather not interrupt the mailflow in this though, it is a production server after all :> ) Most interesting bit of this mail is now finished... for those who care read on :) Kind regards, Erik van der Leun The machine has quite enough resources...: - hyperthreading Intel Xeon 2800 processor - 1GB of RAM Other noteworthy issues: I use gentoo, with init scripts of the following url http://bugs.gentoo.org/show_bug.cgi?id=36060 (Gentoo doesn't have a maintainer yet for MailScanner, thus it's still here) Not really interesting maybe, but here is the only output of these initscripts. * Stopping MailScanner... * checking MTA availability for MailScanner... * Stopping incoming sendmail... * Stopping outgoing sendmail... * checking MTA availability for MailScanner... * Starting incoming sendmail... * Starting outgoing sendmail... * Starting MailScanner... From dannyz at belgonet.com Tue Feb 28 23:43:20 2006 From: dannyz at belgonet.com (dannyz@belgonet.com) Date: Tue Feb 28 10:33:07 2006 Subject: OT Advice for server reinstalation Message-ID: <23125628.1721141170200499.JavaMail.root@uu212-190-229-211.unknown.uunet.be> our could have a look at zimbra ----- Original Message ----- From: Darren Walker To: MailScanner discussion Sent: dinsdag 28 februari 2006 11:21:12 Subject: RE: OT Advice for server reinstalation Hi If you are looking for an easy install with a etc. http://www.nuonce.net/bluequartz.php darren From: mailscanner-bounces@lists.mailscanner..info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Alex Neuman van der Hans Sent: 28 February 2006 06:00 To: MailScanner discussion Subject: Re: OT Advice for server reinstalation I'd back up all the relevant data and configs and start from scratch. Rob Poe wrote: I'd do an upgrade from RH7.x to RH9, then upgrade from RH9 to CentOS But that's just me :) zichovsky@trul.cz 2/24/2006 8:14 AM >>> Hi There! My old RedHat 7 on server is comming to end of life, as some things are not working correctly (but vital services like mail server and MS are still runing OK) so I am preparing for clean neew OS install on same (old) hardware. HW is pretty old, it is PIII900 with 256MB RAM, SCSI HDDs on Mylex AcceleRAID 170 PCI RAID Controller (one RAID0 array) (Yes, I know that 256MB is low, but it realy was enough in our enviroment, swaping occured only in rare occasions.) I can't get new HW, have to use this one. I am asking for advice which Linux distribution and products to use. Distribution have to be completely free (fully downloadable from internet), must be rpm compatible (or other packaging system, but rpm is preffered), must support my old HW (with RAID card), must be "admin friendly" as I am not "big linux guru".. Main Services which will be run on server (which are running also now) Sendmail POP3/IMAP (what to use here? Dovecot? Courrier? Something else?) Apache MailScanner SpamAssassin MailWatch Samba WebMin MySQL FireBird DHCP, DNS and firewall are running on other servers I am thinking of Fedora Core 4 distribution. But I am open for other suggestion from more knowlegeable people here. Thanks in advance for suggestions. With regards Pavel Zichovsky (zichovsky@trul) -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ -- This message has been scanned for viruses and dangerous content by Torsion Internet Ltd , and is believed to be clean. -- This message has been scanned for viruses and dangerous content by Torsion Internet Ltd , and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner , and is believed to be clean. From shrek-m at gmx.de Tue Feb 28 10:52:29 2006 From: shrek-m at gmx.de (shrek-m@gmx.de) Date: Tue Feb 28 10:52:38 2006 Subject: OT: building a new MS machine and stuck at the firewall In-Reply-To: <003b01c63c16$8f758ab0$0200a8c0@satellite> References: <440361DC.2070604@ecs.soton.ac.uk> <003b01c63c16$8f758ab0$0200a8c0@satellite> Message-ID: <44042B6D.20608@gmx.de> On 28.02.2006 04:25, Dave wrote: > I've got two boxes, primary and secondary nameservers running bind9 > that iptables when running does not allow zone queries and i'm getting > flickering timeouts. i would accept both. 53:tcp and 53:udp, input - destinationport and output - sourceport you can check it with tcpdump, ethereal, ... # tcpdump -nn -i eth0 udp port 53 11:31:47.354932 IP 192.168.101.10.32768 > 192.36.148.17.53: [...] 11:31:47.424684 IP 192.36.148.17.53 > 192.168.101.10.32768: [...] # tcpdump -nn -i eth0 tcp port 53 ... http://lists.mailscanner.info/pipermail/mailscanner/2006-February/058512.html Subject: RE: MailScanner Ports ? From: Randal, Phil So I stand by what I said. For proper functioning of DNS, TCP and UDP ports 53 are needed. From evanderleun at hal9000.nl Tue Feb 28 10:58:14 2006 From: evanderleun at hal9000.nl (Erik van der Leun) Date: Tue Feb 28 10:58:36 2006 Subject: spam detected but not tagged Message-ID: Hi, Another issue I fail to understand... Since I've recently upgraded MailScanner to 4.50.15.1 and added pyzor, razor2 checks, it sometimes occurs that spam is detected well, but not tagged as spam. In the mailheaders, I even see the spamscore, but the mail is not treated as spam... just sent through the regular way. No spam subject tag is added either. Any thoughts? Kind regards, Erik van der Leun From MailScanner at ecs.soton.ac.uk Tue Feb 28 10:58:51 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Feb 28 10:59:05 2006 Subject: 4.51.3 -- Re: Beta 4.51.2: "Use TNEF Contents" In-Reply-To: <44042173.1080503@utwente.nl> References: <44032DE7.5030007@ecs.soton.ac.uk> <4403360D.7020202@nkpanama.com> <44041B99.9080300@utwente.nl> <3BF35550-A91B-49F0-8A5F-808146079F4E@ecs.soton.ac.uk> <44042173.1080503@utwente.nl> Message-ID: <9B21B53C-7284-4AB2-B8B6-59F198CDE1D6@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- On 28 Feb 2006, at 10:09, Peter Peters wrote: > * PGP Signed by an unverified key: 02/28/06 at 10:09:55 > > Julian Field wrote on 28-2-2006 10:54: > >>>> You mean the Queue-ID. And it shouldn't only show "replaced" but >>>> also >>>> "added" if that was the action. >> >> The removal of the winmail.dat is done in a totally different place >> from the addition of the TNEF attachments. So I would have to re- >> evaluate the config option (which could potentially involve a lot of >> work) just for the log line. I'm currently leaning towards listing >> the queue-id and the TNEF attachment files that were added. > > This would mean one line where you tell the winmail.dat was removed > and > another were you state the files added? > If both contain the queueID this would be enough. Fair enough. Done. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQEVAwUBRAQs7vw32o+k+q+hAQElZQgAjZS8xIDnU3UKz02sVt/CP2T8VX0K3Num c6YSjQcSKPwaZfY4XCFX2RulhPIj/O+tSw4NK94wNjsT/89P/EW9xpFg+qDzMxVK U0CVwnX0WtMhEdCD4HMHS9ky7U6wSV8OqQh+hg0AdQWsNFBnQu9gH3B5C7n2VDOK b7uUzULo4lyNRi6TMa6s3BCGxdDDHPHfULJDrY3f046Cg8W3dtEVWsWxBzUmHI6E StnomtRPP60//pVwPN9Frx6lG6IOWEG2LRjh6V4K+btOtlzvjsyMTxGgL3lUfLOT lJbWFkkmlXDs7JtVe6C/tG1z6DBwwiuGMhB6Vl5dqhs+S18YsBl19A== =Fp+Y -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Tue Feb 28 11:02:00 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Feb 28 11:02:09 2006 Subject: Outlook RTF in MS version 4.50.15-1 In-Reply-To: <009001c63bf1$2bad69a0$6500a8c0@kdinet.local> References: <009001c63bf1$2bad69a0$6500a8c0@kdinet.local> Message-ID: <7461D8E0-6113-4D58-A060-533F3C921424@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- On 27 Feb 2006, at 22:57, Diane Rolland wrote: > I know there is a thread about the upcoming "Add TNEF Contents" in > the beta > version, but I just upgraded to 4.50.15-1 over the weekend. > > Today, I'm seeing the following: > > MailScanner: No Outlook Rich Text Format messages due to security hole > use HTML instead (winmail.dat) > > > Is there a workaround for me until I can upgrade to the version > that will > include the TNEF Contents feature? You will find rules in filename.rules.conf and filetype.rules.conf which are set to block TNEF attachments and winmail.dat files. Just comment out those rules. > > I have most of the users now using HTML rather than RTF, but still > sometimes > get legitamate email inbound in RTF. > > Any suggestions? > > Thanks!, > Diane > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQEVAwUBRAQtq/w32o+k+q+hAQH2uAf/bw77JifYEJJrr5ZQWlTpCkLnhMs4mKLK UabvWQvjk1qJizAj1T3nceyjItTbCcAxms41RA3jkXPCMIq+w92FB9wUXZLU98Ld QqsZnSWSyXLlfFPlXm9Rp0Yv4E3ZIeQyzT1fRcUxULl5FT48JaGhAu7nrv+IFVOr loxaEwtGJ4xzD/QomFdO1z4yFFNcpStozAitxKMNqBQN9EkMYcJRk5XMT2WHcBeb wDYOfga5WhiIjOxbinHYTlerMOz3bDdIbo5y+PTTElrGtb8MWii6uF8v+x/e14Ee KSert87c5mTkKRHu/pw/SkcEQTptLigh0uY14Hq0NXm0beVSfMRtVQ== =oPK7 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From strydom.dave at gmail.com Tue Feb 28 11:28:12 2006 From: strydom.dave at gmail.com (Dave Strydom) Date: Tue Feb 28 11:28:15 2006 Subject: spam detected but not tagged In-Reply-To: References: Message-ID: It's not the difference in score which is concerning me, it's the fact that the first email is seems as spam at a score of 19 and the 2nd is seen as non-spam with a score of 19.1 It seems all emails that are being picked up by the spamassassin cache file are getting scores of spam, but are being allowed through as non-spam If you look at the picture http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060228/864d45b4/wtfmailscanner-0001.jpe you can see they both have the same score, except the one is just being allowed through as if it wasn't spam, but the score is still 19. I'm getting emails that are scoring well over 50 as spam being allowed through as non-spam. On 2/28/06, Erik van der Leun wrote: > Hi, > > Another issue I fail to understand... > > Since I've recently upgraded MailScanner to 4.50.15.1 and added > pyzor, razor2 checks, it sometimes occurs that spam is detected > well, but not tagged as spam. > > In the mailheaders, I even see the spamscore, but the mail is > not treated as spam... just sent through the regular way. > > No spam subject tag is added either. > > Any thoughts? > > Kind regards, > Erik van der Leun > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From strydom.dave at gmail.com Tue Feb 28 11:29:54 2006 From: strydom.dave at gmail.com (Dave Strydom) Date: Tue Feb 28 11:29:57 2006 Subject: spam detected but not tagged In-Reply-To: References: Message-ID: oops, wrong thread :/ On 2/28/06, Dave Strydom wrote: > It's not the difference in score which is concerning me, it's the fact > that the first email is seems as spam at a score of 19 and the 2nd is > seen as non-spam with a score of 19.1 > > > It seems all emails that are being picked up by the spamassassin cache > file are getting scores of spam, but are being allowed through as > non-spam > > If you look at the picture > http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060228/864d45b4/wtfmailscanner-0001.jpe > > you can see they both have the same score, except the one is just > being allowed through as if it wasn't spam, but the score is still 19. > > I'm getting emails that are scoring well over 50 as spam being allowed > through as non-spam. > > > > > > > On 2/28/06, Erik van der Leun wrote: > > Hi, > > > > Another issue I fail to understand... > > > > Since I've recently upgraded MailScanner to 4.50.15.1 and added > > pyzor, razor2 checks, it sometimes occurs that spam is detected > > well, but not tagged as spam. > > > > In the mailheaders, I even see the spamscore, but the mail is > > not treated as spam... just sent through the regular way. > > > > No spam subject tag is added either. > > > > Any thoughts? > > > > Kind regards, > > Erik van der Leun > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > From strydom.dave at gmail.com Tue Feb 28 11:30:55 2006 From: strydom.dave at gmail.com (Dave Strydom) Date: Tue Feb 28 11:30:58 2006 Subject: seems like a bug in the spam cache thing In-Reply-To: <1141121366.4695.29.camel@darkstar.netcore.co.in> References: <1141121366.4695.29.camel@darkstar.netcore.co.in> Message-ID: its not the difference in score, it's the fact that it's scoring 19 from the spamassassin cache but is not being treated as spam, it's being treated as clean mail. Dave On 2/28/06, Ramprasad wrote: > > > On Tue, 2006-02-28 at 10:58 +0200, Dave Strydom wrote: > > Hi, > > > > please refer to the attached picture, if not, let me know and i'll put > > it on the web. > > > > Basically an email gets picked up as spam with a spam score of like > > 19, the next message the comes in, has this message: > > > > > Look at the maillog for both the mails. See what rules hit the second > mail and missed the first. > > Most likely these are dns checks. all the RCVD_IN_* checks > > Even on my server I get same mails with different scores and they are > because of inconsistent scores by the dns checks, though we run a > caching nameserver. I think these dns servers are not always available > so that makes the difference. > > Thanks > Ram > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From MailScanner at ecs.soton.ac.uk Tue Feb 28 11:50:12 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Feb 28 11:50:22 2006 Subject: seems like a bug in the spam cache thing In-Reply-To: References: <1141121366.4695.29.camel@darkstar.netcore.co.in> Message-ID: <1EC84950-E694-41CE-AE10-11EFDD2BC24F@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- What OS and release are you using? On 28 Feb 2006, at 11:30, Dave Strydom wrote: > its not the difference in score, it's the fact that it's scoring 19 > from the spamassassin cache but is not being treated as spam, it's > being treated as clean mail. > > Dave > > On 2/28/06, Ramprasad wrote: >> >> >> On Tue, 2006-02-28 at 10:58 +0200, Dave Strydom wrote: >>> Hi, >>> >>> please refer to the attached picture, if not, let me know and >>> i'll put >>> it on the web. >>> >>> Basically an email gets picked up as spam with a spam score of like >>> 19, the next message the comes in, has this message: >>> >> >> >> Look at the maillog for both the mails. See what rules hit the second >> mail and missed the first. >> >> Most likely these are dns checks. all the RCVD_IN_* checks >> >> Even on my server I get same mails with different scores and they are >> because of inconsistent scores by the dns checks, though we run a >> caching nameserver. I think these dns servers are not always >> available >> so that makes the difference. >> >> Thanks >> Ram >> >> >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQEVAwUBRAQ4+Pw32o+k+q+hAQFA1QgAj9SX7h301Ovwxu6xSOJknSj7a4gPMben 4ibfY6Vb34IeCiNTvmbi4ghgejgZp6OWWNo6EcO69NV1EPZ9XcQhynOm0VtFmd5u R233keGwQv9t88XVor34/BPKhAk/aGzT6rV5SS1K2zsSWk810rPRPdyL8ePyQ7tX SVd4BSO5oRGY+QYUIsq/lfoK3O+e6CAsEZ9hl2uIKgglyCxPlGbu4qdgu4ZrR7ov Q0x9WlMUf/V9NgDTyDXRaksXfZTsfM7b7tVt2EzOfNZp2h7XKoAWjrd/kqfOE6Ij kVS8KW1f7Vg30xf/B6pjiPTVPu5epUDXWVj6cD+iT+i38/NscWQJkg== =QiAm -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Mailscanner at mailing.kaufland-informationssysteme.com Tue Feb 28 12:01:56 2006 From: Mailscanner at mailing.kaufland-informationssysteme.com (Matthias Sutter) Date: Tue Feb 28 12:01:59 2006 Subject: Spam Policy per user In-Reply-To: <2E09A52C9852E24A9A084352AB68F2C5D19868@w2k3-tp.techpro.local> References: <2E09A52C9852E24A9A084352AB68F2C5D19868@w2k3-tp.techpro.local> Message-ID: <44043BB4.7080300@mailing.kaufland-informationssysteme.com> Hi Barray, sounds good - can you send me a copy of your code and some sentences - howto implement? Matthias Barry Bourdage wrote: > I have helped with one to work with MailWatch, but if you had the >database defined, it would run without modifications. > >Please e-mail me, if you would like the code. > >Barry > > >-----Original Message----- >From: mailscanner-bounces@lists.mailscanner.info >[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian >Field >Sent: Monday, February 27, 2006 11:55 AM >To: MailScanner discussion >Subject: Re: Spam Policy per user > >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > > > >Matthias Sutter wrote: > > >>Hi, >> >>our mailscanner installation work very well but now we should >>implement a function that the user have the option to change the Spam >>properties/handling. >>For example there are 3 lists off users: >> >>the first - the user should get no Spam >> >> >Spam Actions = delete >High Scoring Spam Actions = delete > > >>the second - the user get no high score Spam and all others are marked >> >> > > > >>in the subject line >> >> >Spam Actions = deliver >High Scoring Spam Actions = delete > > >>and the last and default - no Spam detection and filter is active. >> >> >Spam Actions = deliver >High Scoring Spam Actions = deliver > >All you need to do is write a bit of support for some sort of backend >with a Custom Function for "Spam Actions" and "High Scoring Spam >Actions" to produce either the "deliver" or "delete" actions as >appropriate. > >Once you have some sort of a DB backend to store the data in, this is >only a few lines of code to do the Custom Functions required. >No huge job. > > >>Can I build this scenario with mailscanner ? >> >>Thanks in advance >>Matthias >> >> > >- -- >Julian Field >www.MailScanner.info >Buy the MailScanner book at www.MailScanner.info/store Professional >Support Services at www.MailScanner.biz MailScanner thanks transtec >Computers for their support > >PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > >-----BEGIN PGP SIGNATURE----- >Version: PGP Desktop 9.0.5 (Build 5050) > >iQA/AwUBRAM9BRH2WUcUFbZUEQKxlwCbB3WOv8v+GwuejKfI0ieCuI4Y2S8AoMBp >2qNMSBvnWtYZFzl7dP5s7S8F >=dqo/ >-----END PGP SIGNATURE----- > >-- >This message has been scanned for viruses and dangerous content by >MailScanner, and is believed to be clean. > >-- >MailScanner mailing list >mailscanner@lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >Before posting, read http://wiki.mailscanner.info/posting > >Support MailScanner development - buy the book off the website! > > From jaearick at colby.edu Tue Feb 28 12:22:59 2006 From: jaearick at colby.edu (Jeff A. Earickson) Date: Tue Feb 28 12:23:09 2006 Subject: 4.51.3 -- Re: Beta 4.51.2: "Use TNEF Contents" In-Reply-To: <3BF35550-A91B-49F0-8A5F-808146079F4E@ecs.soton.ac.uk> References: <44032DE7.5030007@ecs.soton.ac.uk> <4403360D.7020202@nkpanama.com> <44041B99.9080300@utwente.nl> <3BF35550-A91B-49F0-8A5F-808146079F4E@ecs.soton.ac.uk> Message-ID: I meant the unique identifier for the mail message, if possible, eg: sendmail[22911]: [ID 801593 mail.info] k1S5011d022758: to=... ^^^^^^^^^^^^^^ Having this identifier in MailScanner syslogging always helps. If it isn't available in the TNEF code, then any "add" or "replace" syslogging would be a good thing. Jeff Earickson Colby College On Tue, 28 Feb 2006, Julian Field wrote: > Date: Tue, 28 Feb 2006 09:54:21 +0000 > From: Julian Field > Reply-To: MailScanner discussion > To: MailScanner discussion > Subject: Re: 4.51.3 -- Re: Beta 4.51.2: "Use TNEF Contents" > > -----BEGIN PGP SIGNED MESSAGE----- > > > On 28 Feb 2006, at 09:44, Peter Peters wrote: > >> * PGP Signed by an unverified key: 02/28/06 at 09:44:57 >> >> Jeff A. Earickson wrote on 27-2-2006 19:13: >>> And don't forget the MessageID in the line!! Thanks! >> >> You mean the Queue-ID. And it shouldn't only show "replaced" but also >> "added" if that was the action. > > The removal of the winmail.dat is done in a totally different place > from the addition of the TNEF attachments. So I would have to re- > evaluate the config option (which could potentially involve a lot of > work) just for the log line. I'm currently leaning towards listing > the queue-id and the TNEF attachment files that were added. > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.5 (Build 5050) > > iQEVAwUBRAQd0Pw32o+k+q+hAQGNjwgAmIuiT/TgeeDIzR9Jo+sBoWQFeTrj0zCH > F80ZqNSadGBvANkcx8HtiDmAxVDxccOKQ19SPTX72BcPMlwP3WmhNgypwbK7nr3A > jdiTwuXVcQ3zqYHNmyOR1nEfohe1Dj50N1hYhsSO7QTJRgwuFsqz3wjZO2HLMteu > TqNxhMA2bkTyEn0P8q6YMWGiJP1zDYTjse3SgJCgqXilWndd3uHCpfie/JyTIHNC > fSdfGq9MfbEY65bmvwz232Q8oSvhxJPuaGwF9bfMqd/+mlHNgKPbod8PGy7wY6HE > pq8BtMdXJdKHAALNMd0YLXIkhI/fujvPOI7TPUj7pbw0yZ1xdC0/HA== > =LwZs > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From strydom.dave at gmail.com Tue Feb 28 12:38:23 2006 From: strydom.dave at gmail.com (Dave Strydom) Date: Tue Feb 28 12:38:36 2006 Subject: seems like a bug in the spam cache thing In-Reply-To: <1EC84950-E694-41CE-AE10-11EFDD2BC24F@ecs.soton.ac.uk> References: <1141121366.4695.29.camel@darkstar.netcore.co.in> <1EC84950-E694-41CE-AE10-11EFDD2BC24F@ecs.soton.ac.uk> Message-ID: Gentoo Linux and Version 4.50.15-1 with spamassassin 3.1.0 I have two other scanning servers using an older version with spamassassin 3.0 and they are fine. This has only started happening since this release of MailScanner, and it seems to only happen with emails that get a hit in the spamassassin cache. Dave On 2/28/06, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > What OS and release are you using? > > On 28 Feb 2006, at 11:30, Dave Strydom wrote: > > > its not the difference in score, it's the fact that it's scoring 19 > > from the spamassassin cache but is not being treated as spam, it's > > being treated as clean mail. > > > > Dave > > > > On 2/28/06, Ramprasad wrote: > >> > >> > >> On Tue, 2006-02-28 at 10:58 +0200, Dave Strydom wrote: > >>> Hi, > >>> > >>> please refer to the attached picture, if not, let me know and > >>> i'll put > >>> it on the web. > >>> > >>> Basically an email gets picked up as spam with a spam score of like > >>> 19, the next message the comes in, has this message: > >>> > >> > >> > >> Look at the maillog for both the mails. See what rules hit the second > >> mail and missed the first. > >> > >> Most likely these are dns checks. all the RCVD_IN_* checks > >> > >> Even on my server I get same mails with different scores and they are > >> because of inconsistent scores by the dns checks, though we run a > >> caching nameserver. I think these dns servers are not always > >> available > >> so that makes the difference. > >> > >> Thanks > >> Ram > >> > >> > >> > >> -- > >> MailScanner mailing list > >> mailscanner@lists.mailscanner.info > >> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> > >> Before posting, read http://wiki.mailscanner.info/posting > >> > >> Support MailScanner development - buy the book off the website! > >> > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.5 (Build 5050) > > iQEVAwUBRAQ4+Pw32o+k+q+hAQFA1QgAj9SX7h301Ovwxu6xSOJknSj7a4gPMben > 4ibfY6Vb34IeCiNTvmbi4ghgejgZp6OWWNo6EcO69NV1EPZ9XcQhynOm0VtFmd5u > R233keGwQv9t88XVor34/BPKhAk/aGzT6rV5SS1K2zsSWk810rPRPdyL8ePyQ7tX > SVd4BSO5oRGY+QYUIsq/lfoK3O+e6CAsEZ9hl2uIKgglyCxPlGbu4qdgu4ZrR7ov > Q0x9WlMUf/V9NgDTyDXRaksXfZTsfM7b7tVt2EzOfNZp2h7XKoAWjrd/kqfOE6Ij > kVS8KW1f7Vg30xf/B6pjiPTVPu5epUDXWVj6cD+iT+i38/NscWQJkg== > =QiAm > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From shuttlebox at gmail.com Tue Feb 28 12:42:06 2006 From: shuttlebox at gmail.com (shuttlebox) Date: Tue Feb 28 12:42:10 2006 Subject: spam detected but not tagged In-Reply-To: References: Message-ID: <625385e30602280442j2ee126a9rd0b6261a44a9e062@mail.gmail.com> On 2/28/06, Erik van der Leun wrote: > Hi, > > Another issue I fail to understand... > > Since I've recently upgraded MailScanner to 4.50.15.1 and added > pyzor, razor2 checks, it sometimes occurs that spam is detected > well, but not tagged as spam. > > In the mailheaders, I even see the spamscore, but the mail is > not treated as spam... just sent through the regular way. > > No spam subject tag is added either. > > Any thoughts? Post some headers and maybe some log snippets, otherwise it's hard to help. -- /peter From drolland at kdinet.com Tue Feb 28 13:41:32 2006 From: drolland at kdinet.com (Diane Rolland) Date: Tue Feb 28 13:41:37 2006 Subject: Outlook RTF in MS version 4.50.15-1 In-Reply-To: <7461D8E0-6113-4D58-A060-533F3C921424@ecs.soton.ac.uk> Message-ID: <015601c63c6c$b0cdf520$6500a8c0@kdinet.local> Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > > On 27 Feb 2006, at 22:57, Diane Rolland wrote: > >> I know there is a thread about the upcoming "Add TNEF Contents" in >> the beta version, but I just upgraded to 4.50.15-1 over the weekend. >> >> Today, I'm seeing the following: >> >> MailScanner: No Outlook Rich Text Format messages due to security >> hole use HTML instead (winmail.dat) >> >> >> Is there a workaround for me until I can upgrade to the version that >> will include the TNEF Contents feature? > > You will find rules in filename.rules.conf and filetype.rules.conf > which are set to block TNEF attachments and winmail.dat files. Just > comment out those rules. Found them, thanks. The TNEF were already commented out in the filetype.rules.conf, so I just needed to comment out the winmail.dat file in filename.rules.conf. I overlooked that earlier. Thanks again! From P.G.M.Peters at utwente.nl Tue Feb 28 13:47:03 2006 From: P.G.M.Peters at utwente.nl (Peter Peters) Date: Tue Feb 28 13:47:08 2006 Subject: delay in sending after restart In-Reply-To: References: Message-ID: <44045457.8050005@utwente.nl> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Erik van der Leun wrote on 28-2-2006 11:30: > Hi, > > I've seen it more often, that after a restart of MailScanner, it takes > quite a while before mails actually get sent out... Mail is accepted, > mail is scanned... but not sent through. > > It took about 2 minutes before the first mail really got sent out. > This doesn't always occur at a restart though... not even that often > either. > > What can I do to debug this process... to see what MailScanner is waiting > for? (I'd rather not interrupt the mailflow in this though, it is a > production > server after all :> ) Does MS log the fact he is starting to scan or is this what is taking a few minutes? If it is the actual delivery while MS start right away how do you have set "Delivery Method". If it is set to queue MS will queue the scanned files and sendmail will pick them up when it is ready for it. - -- Peter Peters, senior beheerder (Security) Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE) Universiteit Twente, Postbus 217, 7500 AE Enschede telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/itbe -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFEBFRWelLo80lrIdIRAhx6AJ9NVsSyQtS94btZbwJkSZrXOPIN4ACfQtIZ v1qDo5Cqh6bwb/a8EGViuBk= =vf0n -----END PGP SIGNATURE----- From MailScanner at ecs.soton.ac.uk Tue Feb 28 13:52:30 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Feb 28 13:52:41 2006 Subject: seems like a bug in the spam cache thing In-Reply-To: References: <1141121366.4695.29.camel@darkstar.netcore.co.in> <1EC84950-E694-41CE-AE10-11EFDD2BC24F@ecs.soton.ac.uk> Message-ID: <89C75ED3-1F4B-43CE-87E5-51FEE6AF8E94@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- This seems to be dependent on Perl version. In my version it works fine, the amount of spam tagged is the same regardless of whether I use the cache or not. This is not the first time I have seen this sort of problem, far from it. I just don't know where to apply the workaround for it (you add 0.0 to the variable to coerce it to a number). On 28 Feb 2006, at 12:38, Dave Strydom wrote: > Gentoo Linux and Version 4.50.15-1 with spamassassin 3.1.0 > > I have two other scanning servers using an older version with > spamassassin 3.0 and they are fine. This has only started happening > since this release of MailScanner, and it seems to only happen with > emails that get a hit in the spamassassin cache. > > Dave > > > On 2/28/06, Julian Field wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> >> What OS and release are you using? >> >> On 28 Feb 2006, at 11:30, Dave Strydom wrote: >> >>> its not the difference in score, it's the fact that it's scoring 19 >>> from the spamassassin cache but is not being treated as spam, it's >>> being treated as clean mail. >>> >>> Dave >>> >>> On 2/28/06, Ramprasad wrote: >>>> >>>> >>>> On Tue, 2006-02-28 at 10:58 +0200, Dave Strydom wrote: >>>>> Hi, >>>>> >>>>> please refer to the attached picture, if not, let me know and >>>>> i'll put >>>>> it on the web. >>>>> >>>>> Basically an email gets picked up as spam with a spam score of >>>>> like >>>>> 19, the next message the comes in, has this message: >>>>> >>>> >>>> >>>> Look at the maillog for both the mails. See what rules hit the >>>> second >>>> mail and missed the first. >>>> >>>> Most likely these are dns checks. all the RCVD_IN_* checks >>>> >>>> Even on my server I get same mails with different scores and >>>> they are >>>> because of inconsistent scores by the dns checks, though we run a >>>> caching nameserver. I think these dns servers are not always >>>> available >>>> so that makes the difference. >>>> >>>> Thanks >>>> Ram >>>> >>>> >>>> >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >> >> - -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> -----BEGIN PGP SIGNATURE----- >> Version: PGP Desktop 9.0.5 (Build 5050) >> >> iQEVAwUBRAQ4+Pw32o+k+q+hAQFA1QgAj9SX7h301Ovwxu6xSOJknSj7a4gPMben >> 4ibfY6Vb34IeCiNTvmbi4ghgejgZp6OWWNo6EcO69NV1EPZ9XcQhynOm0VtFmd5u >> R233keGwQv9t88XVor34/BPKhAk/aGzT6rV5SS1K2zsSWk810rPRPdyL8ePyQ7tX >> SVd4BSO5oRGY+QYUIsq/lfoK3O+e6CAsEZ9hl2uIKgglyCxPlGbu4qdgu4ZrR7ov >> Q0x9WlMUf/V9NgDTyDXRaksXfZTsfM7b7tVt2EzOfNZp2h7XKoAWjrd/kqfOE6Ij >> kVS8KW1f7Vg30xf/B6pjiPTVPu5epUDXWVj6cD+iT+i38/NscWQJkg== >> =QiAm >> -----END PGP SIGNATURE----- >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQEVAwUBRARVo/w32o+k+q+hAQFyAgf+Pg8qGBuGAIulLozO2lmkdzzLxEyfZW3M ndRq0UsEtaWfPHlV6n2dt1u96HAJiVd/tzAaMbdG6DYty2Yj0x2rXZVqSF1kbKuI LB4Htrwojmd316U/NL0WK2DHdFZx2uivnZSF77Q+Urkt1ajFJpXiGyUJCDSpJImX GLHi9OK5DbYxMC7r2WjH4Tg2ydrfaI9pvmft6megii1buTWLsnF1uZ54XY2L19xN XTWxlG1rvAaD3YdPtv0oOHviFPsgdgjZNtj+BJoUtukjFPGzAekrjcMKnoO5VjYW FhwX7qoBVtng7a1jCjXUCOvH3c8ib1oGVaDt0hQ4ErsLAQeA3n2mSw== =uZAh -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From strydom.dave at gmail.com Tue Feb 28 14:14:33 2006 From: strydom.dave at gmail.com (Dave Strydom) Date: Tue Feb 28 14:14:36 2006 Subject: seems like a bug in the spam cache thing In-Reply-To: <89C75ED3-1F4B-43CE-87E5-51FEE6AF8E94@ecs.soton.ac.uk> References: <1141121366.4695.29.camel@darkstar.netcore.co.in> <1EC84950-E694-41CE-AE10-11EFDD2BC24F@ecs.soton.ac.uk> <89C75ED3-1F4B-43CE-87E5-51FEE6AF8E94@ecs.soton.ac.uk> Message-ID: This may help you: I'm using perl-5.8.7 --------------------- Cerberus ~ # perl -V Summary of my perl5 (revision 5 version 8 subversion 7) configuration: Platform: osname=linux, osvers=2.6.11-hardened-r15, archname=i686-linux uname='linux cerberus.xxxxxx.co.za 2.6.11-hardened-r15 #2 smp sun oct 16 16:02:15 sast 2005 i686 intel(r) xeon(tm) cpu 2.80ghz genuineintel gnulinux ' config_args='-des -Darchname=i686-linux -Dcccdlflags=-fPIC -Dccdlflags=-rdynamic -Dcc=i686-pc-linux-gnu-gcc -Dprefix=/usr -Dvendorprefix=/usr -Dsiteprefix=/usr -Dlocincpth= -Doptimize=-march=pentium4 -O3 -pipe -fomit-frame-pointer -fforce-addr -Duselargefiles -Dd_semctl_semun -Dscriptdir=/usr/bin -Dman1dir=/usr/share/man/man1 -Dman3dir=/usr/share/man/man3 -Dinstallman1dir=/usr/share/man/man1 -Dinstallman3dir=/usr/share/man/man3 -Dman1ext=1 -Dman3ext=3pm -Dinc_version_list=5.8.0 5.8.0/i686-linux 5.8.2 5.8.2/i686-linux 5.8.4 5.8.4/i686-linux 5.8.5 5.8.5/i686-linux 5.8.6 5.8.6/i686-linux -Dcf_by=Gentoo -Ud_csh -Di_ndbm -Di_gdbm -Di_db' hint=recommended, useposix=true, d_sigaction=define usethreads=undef use5005threads=undef useithreads=undef usemultiplicity=undef useperlio=define d_sfio=undef uselargefiles=define usesocks=undef use64bitint=undef use64bitall=undef uselongdouble=undef usemymalloc=n, bincompat5005=undef Compiler: cc='i686-pc-linux-gnu-gcc', ccflags ='-fno-strict-aliasing -pipe -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64', optimize='-march=pentium4 -O3 -pipe -fomit-frame-pointer -fforce-addr', cppflags='-fno-strict-aliasing -pipe' ccversion='', gccversion='3.3.6 (Gentoo Hardened 3.3.6, ssp-3.3.6-1.0, pie-8.7.8)', gccosandvers='' intsize=4, longsize=4, ptrsize=4, doublesize=8, byteorder=1234 d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=12 ivtype='long', ivsize=4, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8 alignbytes=4, prototype=define Linker and Libraries: ld='i686-pc-linux-gnu-gcc', ldflags =' -L/usr/local/lib' libpth=/usr/local/lib /lib /usr/lib libs=-lpthread -lnsl -lndbm -lgdbm -ldb -ldl -lm -lcrypt -lutil -lc perllibs=-lpthread -lnsl -ldl -lm -lcrypt -lutil -lc libc=/lib/libc-2.3.5.so, so=so, useshrplib=false, libperl=libperl.a gnulibc_version='2.3.5' Dynamic Linking: dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-rdynamic' cccdlflags='-fPIC', lddlflags='-shared -L/usr/local/lib' Characteristics of this binary (from libperl): Compile-time options: USE_LARGE_FILES Built under linux Compiled at Feb 19 2006 06:03:03 @INC: /etc/perl /usr/lib/perl5/site_perl/5.8.7/i686-linux /usr/lib/perl5/site_perl/5.8.7 /usr/lib/perl5/site_perl/5.8.6 /usr/lib/perl5/site_perl/5.8.6/i686-linux /usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.8.7/i686-linux /usr/lib/perl5/vendor_perl/5.8.7 /usr/lib/perl5/vendor_perl /usr/lib/perl5/5.8.7/i686-linux /usr/lib/perl5/5.8.7 /usr/local/lib/site_perl . Cerberus ~ # -------------------------- On 2/28/06, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > This seems to be dependent on Perl version. In my version it works > fine, the amount of spam tagged is the same regardless of whether I > use the cache or not. > This is not the first time I have seen this sort of problem, far from > it. I just don't know where to apply the workaround for it (you add > 0.0 to the variable to coerce it to a number). > > On 28 Feb 2006, at 12:38, Dave Strydom wrote: > > > Gentoo Linux and Version 4.50.15-1 with spamassassin 3.1.0 > > > > I have two other scanning servers using an older version with > > spamassassin 3.0 and they are fine. This has only started happening > > since this release of MailScanner, and it seems to only happen with > > emails that get a hit in the spamassassin cache. > > > > Dave > > > > > > On 2/28/06, Julian Field wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- > >> > >> What OS and release are you using? > >> > >> On 28 Feb 2006, at 11:30, Dave Strydom wrote: > >> > >>> its not the difference in score, it's the fact that it's scoring 19 > >>> from the spamassassin cache but is not being treated as spam, it's > >>> being treated as clean mail. > >>> > >>> Dave > >>> > >>> On 2/28/06, Ramprasad wrote: > >>>> > >>>> > >>>> On Tue, 2006-02-28 at 10:58 +0200, Dave Strydom wrote: > >>>>> Hi, > >>>>> > >>>>> please refer to the attached picture, if not, let me know and > >>>>> i'll put > >>>>> it on the web. > >>>>> > >>>>> Basically an email gets picked up as spam with a spam score of > >>>>> like > >>>>> 19, the next message the comes in, has this message: > >>>>> > >>>> > >>>> > >>>> Look at the maillog for both the mails. See what rules hit the > >>>> second > >>>> mail and missed the first. > >>>> > >>>> Most likely these are dns checks. all the RCVD_IN_* checks > >>>> > >>>> Even on my server I get same mails with different scores and > >>>> they are > >>>> because of inconsistent scores by the dns checks, though we run a > >>>> caching nameserver. I think these dns servers are not always > >>>> available > >>>> so that makes the difference. > >>>> > >>>> Thanks > >>>> Ram > >>>> > >>>> > >>>> > >>>> -- > >>>> MailScanner mailing list > >>>> mailscanner@lists.mailscanner.info > >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >>>> > >>>> Before posting, read http://wiki.mailscanner.info/posting > >>>> > >>>> Support MailScanner development - buy the book off the website! > >>>> > >>> -- > >>> MailScanner mailing list > >>> mailscanner@lists.mailscanner.info > >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >>> > >>> Before posting, read http://wiki.mailscanner.info/posting > >>> > >>> Support MailScanner development - buy the book off the website! > >> > >> - -- > >> Julian Field > >> www.MailScanner.info > >> Buy the MailScanner book at www.MailScanner.info/store > >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >> > >> > >> -----BEGIN PGP SIGNATURE----- > >> Version: PGP Desktop 9.0.5 (Build 5050) > >> > >> iQEVAwUBRAQ4+Pw32o+k+q+hAQFA1QgAj9SX7h301Ovwxu6xSOJknSj7a4gPMben > >> 4ibfY6Vb34IeCiNTvmbi4ghgejgZp6OWWNo6EcO69NV1EPZ9XcQhynOm0VtFmd5u > >> R233keGwQv9t88XVor34/BPKhAk/aGzT6rV5SS1K2zsSWk810rPRPdyL8ePyQ7tX > >> SVd4BSO5oRGY+QYUIsq/lfoK3O+e6CAsEZ9hl2uIKgglyCxPlGbu4qdgu4ZrR7ov > >> Q0x9WlMUf/V9NgDTyDXRaksXfZTsfM7b7tVt2EzOfNZp2h7XKoAWjrd/kqfOE6Ij > >> kVS8KW1f7Vg30xf/B6pjiPTVPu5epUDXWVj6cD+iT+i38/NscWQJkg== > >> =QiAm > >> -----END PGP SIGNATURE----- > >> > >> -- > >> This message has been scanned for viruses and > >> dangerous content by MailScanner, and is > >> believed to be clean. > >> > >> -- > >> MailScanner mailing list > >> mailscanner@lists.mailscanner.info > >> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> > >> Before posting, read http://wiki.mailscanner.info/posting > >> > >> Support MailScanner development - buy the book off the website! > >> > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.5 (Build 5050) > > iQEVAwUBRARVo/w32o+k+q+hAQFyAgf+Pg8qGBuGAIulLozO2lmkdzzLxEyfZW3M > ndRq0UsEtaWfPHlV6n2dt1u96HAJiVd/tzAaMbdG6DYty2Yj0x2rXZVqSF1kbKuI > LB4Htrwojmd316U/NL0WK2DHdFZx2uivnZSF77Q+Urkt1ajFJpXiGyUJCDSpJImX > GLHi9OK5DbYxMC7r2WjH4Tg2ydrfaI9pvmft6megii1buTWLsnF1uZ54XY2L19xN > XTWxlG1rvAaD3YdPtv0oOHviFPsgdgjZNtj+BJoUtukjFPGzAekrjcMKnoO5VjYW > FhwX7qoBVtng7a1jCjXUCOvH3c8ib1oGVaDt0hQ4ErsLAQeA3n2mSw== > =uZAh > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From rob at thehostmasters.com Tue Feb 28 14:19:50 2006 From: rob at thehostmasters.com (Rob) Date: Tue Feb 28 14:19:58 2006 Subject: Mailscanner silently dying.... Message-ID: <007401c63c72$09467ab0$6400a8c0@flex.com> Mailscanner is quietly dying..... not much in the logs You can see it was going fine till 15:46, then my script restarted it at 16:27 I am on Debian Sarge, with Postfix SA Clamd Any ideas? Thanks... Feb 27 15:46:50 stewy MailScanner[8361]: HTML-Form tag found in message 8FEF8C285.59CF8 from subscription@businessinformationgroup.ca Feb 27 15:46:51 stewy MailScanner[8361]: Requeue: 8FEF8C285.59CF8 to 29822C298 Feb 27 16:27:49 stewy MailScanner[27971]: MailScanner E-Mail Virus Scanner version 4.41.3 starting... Feb 27 16:27:49 stewy MailScanner[27971]: Read 120 hostnames from the phishing whitelist Feb 27 16:27:51 stewy MailScanner[27971]: Enabling SpamAssassin auto-whitelist functionality... Feb 27 16:27:56 stewy MailScanner[27971]: Using locktype = flock Feb 27 16:27:56 stewy MailScanner[27971]: New Batch: Found 116 messages waiting Feb 27 16:27:56 stewy MailScanner[27971]: New Batch: Scanning 30 messages, 1357348 bytes Feb 27 16:27:56 stewy MailScanner[27971]: Spam Checks: Starting Rob... http://www.stupidguytalk.org -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060228/7cf603c9/attachment.html From MailScanner at ecs.soton.ac.uk Tue Feb 28 14:36:41 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Feb 28 14:36:52 2006 Subject: Mailscanner silently dying.... In-Reply-To: <007401c63c72$09467ab0$6400a8c0@flex.com> References: <007401c63c72$09467ab0$6400a8c0@flex.com> Message-ID: <4F411340-FE78-4306-8578-7D5883D508BF@ecs.soton.ac.uk> Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 487 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060228/1d196470/PGP.bin From nerijus at users.sourceforge.net Tue Feb 28 14:37:56 2006 From: nerijus at users.sourceforge.net (Nerijus Baliunas) Date: Tue Feb 28 14:40:19 2006 Subject: bayes_toks.expire1090 In-Reply-To: <43CE95F4.3030105@ecs.soton.ac.uk> References: <20060118191054.8E364BFAF@mx.dtiltas.lt> <43CE95F4.3030105@ecs.soton.ac.uk> Message-ID: <20060228143839.C861EBD02@mx.dtiltas.lt> On Wed, 18 Jan 2006 19:24:36 +0000 Julian Field wrote: > > I have lots of bayes_toks.expire1090, bayes_toks.expire15302, etc files > > in /var/spool/MailScanner/spamassassin. Where are they appearing from? > > RH AS 4, mailscanner-4.49.7, postfix, spamassassin-3.0.4. > > They are due to SpamAssassin timeouts occurring during Bayes database > rebuilds. Your best bet is to upgrade to 4.50, as I fixed an issue > connected to this, and configure MailScanner to do the Bayes rebuilds. I found that I need to set Rebuild Bayes Every = 86400 (for example) and bayes_auto_expire 0 in spam.assassin.prefs.conf. So I suggest changing the comment before 'Rebuild Bayes Every' setting in MailScanner.conf to: # If you are using the Bayesian statistics engine on a busy server, # you may well need to force a Bayesian database rebuild and expiry # at regular intervals. This is measures in seconds. # 1 day = 86400 seconds. # To disable this feature set this to 0. # If you enable this feature, set bayes_auto_expire 0 in spam.assassin.prefs.conf. Rebuild Bayes Every = 0 Regards, Nerijus From campbell at cnpapers.com Tue Feb 28 15:27:24 2006 From: campbell at cnpapers.com (Steve Campbell) Date: Tue Feb 28 15:27:34 2006 Subject: OT: building a new MS machine and stuck at the firewall References: <440361DC.2070604@ecs.soton.ac.uk> <003b01c63c16$8f758ab0$0200a8c0@satellite> Message-ID: <010d01c63c7b$796899a0$0705000a@DDF5DW71> ----- Original Message ----- From: "Dave" To: "MailScanner discussion" Sent: Monday, February 27, 2006 10:25 PM Subject: Re: OT: building a new MS machine and stuck at the firewall > Hi, > I'd be very interested in knowing about a config utility for iptables. > I've got two boxes, primary and secondary nameservers running bind9 that > iptables when running does not allow zone queries and i'm getting > flickering timeouts. I'm also getting a new CentOS box within the next 1 > to two weeks that will be a dedicated mail server, ms-mta-sa-the works and > i'd like to not have to fight the firewall. > Thanks. > Dave. Dave, I use Firewall Builder to manage my firewalls. It's an X (or Windows) application, so there is some overhead to use it. But the GUI is well thought out, it's easy to use, and it's an RPM install. There used to be some templates for setting up a starting firewall, but I'm a little behind on my upgrades, so they may be gone now. It's very intuitive and logical, and you can see what you have running due to the great interface. It starts with the normal init scripts upon reboot. And you can manage more than one firewall from whichever machine you decide to install it on. It will transfer the firewall rules to the firewall with SSH security. And, it's a great learning tool for iptables, as you can review what it generates in its firewall files. http://www.fwbuilder.org Steve Campbell campbell@cnpapers.com Charleston Newspapers From alex at nkpanama.com Tue Feb 28 15:32:24 2006 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Tue Feb 28 15:31:54 2006 Subject: Spam Policy per user In-Reply-To: <44043BB4.7080300@mailing.kaufland-informationssysteme.com> References: <2E09A52C9852E24A9A084352AB68F2C5D19868@w2k3-tp.techpro.local> <44043BB4.7080300@mailing.kaufland-informationssysteme.com> Message-ID: <44046D08.5090803@nkpanama.com> Maybe even put it up on the wiki? ;) Matthias Sutter wrote: > Hi Barray, > > sounds good - can you send me a copy of your code and some sentences - > howto implement? > > Matthias > > Barry Bourdage wrote: > >> I have helped with one to work with MailWatch, but if you had the >> database defined, it would run without modifications. >> >> Please e-mail me, if you would like the code. >> >> Barry >> >> >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian >> Field >> Sent: Monday, February 27, 2006 11:55 AM >> To: MailScanner discussion >> Subject: Re: Spam Policy per user >> >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> >> >> Matthias Sutter wrote: >> >> >>> Hi, >>> >>> our mailscanner installation work very well but now we should >>> implement a function that the user have the option to change the >>> Spam properties/handling. >>> For example there are 3 lists off users: >>> >>> the first - the user should get no Spam >>> >> Spam Actions = delete >> High Scoring Spam Actions = delete >> >> >>> the second - the user get no high score Spam and all others are marked >>> >> >> >> >>> in the subject line >>> >> Spam Actions = deliver >> High Scoring Spam Actions = delete >> >> >>> and the last and default - no Spam detection and filter is active. >>> >> Spam Actions = deliver >> High Scoring Spam Actions = deliver >> >> All you need to do is write a bit of support for some sort of backend >> with a Custom Function for "Spam Actions" and "High Scoring Spam >> Actions" to produce either the "deliver" or "delete" actions as >> appropriate. >> >> Once you have some sort of a DB backend to store the data in, this is >> only a few lines of code to do the Custom Functions required. >> No huge job. >> >> >>> Can I build this scenario with mailscanner ? >>> >>> Thanks in advance >>> Matthias >>> >> >> - -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store Professional >> Support Services at www.MailScanner.biz MailScanner thanks transtec >> Computers for their support >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> -----BEGIN PGP SIGNATURE----- >> Version: PGP Desktop 9.0.5 (Build 5050) >> >> iQA/AwUBRAM9BRH2WUcUFbZUEQKxlwCbB3WOv8v+GwuejKfI0ieCuI4Y2S8AoMBp >> 2qNMSBvnWtYZFzl7dP5s7S8F >> =dqo/ >> -----END PGP SIGNATURE----- >> >> -- >> This message has been scanned for viruses and dangerous content by >> MailScanner, and is believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ From taz at taz-mania.com Tue Feb 28 19:23:01 2006 From: taz at taz-mania.com (Dennis Willson) Date: Tue Feb 28 19:23:11 2006 Subject: OT: building a new MS machine and stuck at the firewall In-Reply-To: <7EE0254D-DDB1-4E52-A7E1-B78C6CF89C47@ecs.soton.ac.uk> References: <440361DC.2070604@ecs.soton.ac.uk> <4403821F.4030503@taz-mania.com> <7EE0254D-DDB1-4E52-A7E1-B78C6CF89C47@ecs.soton.ac.uk> Message-ID: <4404A315.4010806@taz-mania.com> My comment about being new to managing Linux was really more targeted to the original poster who said: "Well I thought that I was not a newbie, but I am already stuck and having not did anything but install CentOS 4.2. I opted to enable the firewall during the setup, and now I do not even know how to turn it off let alone configure the iptables, as it seems that I need to do. I searched and searched and I really just want to turn it off because it is not directly on the net. Any simple command ex: service firewall stop chkconfig firewall or something to turn it off?" It wasn't really meant to be directed at you... Sorry Dennis Julian Field wrote: >-----BEGIN PGP SIGNED MESSAGE----- > > >On 27 Feb 2006, at 22:50, Dennis Willson wrote: > > > >>If you're new to managing Linux, >> >> > >Yeah, a bit, only been doing it since we first opened our public 24x7 >Linux lab back in 1993. > >:-) > >Thanks for the thought though ;-> > > > >>Webmin can make life a lot easier. You can also sometimes learn a >>few things by looking at the config files before and after you do >>something in Webmin to understand what the configs are really doing. >> >>Dennis >> >>Julian Field wrote: >> >> >> >>>-----BEGIN PGP SIGNED MESSAGE----- >>>Hash: SHA1 >>> >>> >>> >>>Joshua Hirsh wrote: >>> >>> >>> >>>>>Any simple command ex: service firewall stop chkconfig firewall or >>>>>something to turn it off? >>>>> >>>>> >>>>> >>>>Hi Billy, >>>> >>>>You have a few options: >>>> >>>>1) type 'setup' as root and disable the firewall from there >>>>2) type 'service iptables stop', and 'chkconfig iptables >>>>off' (this disabled the firewall startup script) >>>>3) for a temporary removal until next reboot, type 'iptables - >>>>F' (this flushes out the iptables rules) >>>> >>>> >>>> >>>Once you've got iptables in, how do you configure it? >>>Presumably there are some reasonable firewall configuration tools >>>included with RHEL/CentOS? >>>I've always just done it the hard way, any time I've needed it >>>(which is rarely, we have FW-1 connected to an active IDS), but >>>there must be an easy way. >>> >>>- -- Julian Field >>>www.MailScanner.info >>>Buy the MailScanner book at www.MailScanner.info/store >>>Professional Support Services at www.MailScanner.biz >>>MailScanner thanks transtec Computers for their support >>> >>>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> >>> >>>-----BEGIN PGP SIGNATURE----- >>>Version: PGP Desktop 9.0.5 (Build 5050) >>> >>>iQA/AwUBRANh3RH2WUcUFbZUEQLNAQCg9nXA4V/l/WAU1w57bqtLnBVr8pwAoK4x >>>ZXeOnpzopydwEmppc7JBgj1m >>>=lGQH >>>-----END PGP SIGNATURE----- >>> >>> >>> >>> >>-- >> >>---------------------------------- >>Dennis Willson >>mailto:taz@taz-mania.com >>http://www.taz-mania.com >> >> >> >> >>-- >>MailScanner mailing list >>mailscanner@lists.mailscanner.info >>http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >>Before posting, read http://wiki.mailscanner.info/posting >> >>Support MailScanner development - buy the book off the website! >> >> > >- -- >Julian Field >www.MailScanner.info >Buy the MailScanner book at www.MailScanner.info/store >PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > >-----BEGIN PGP SIGNATURE----- >Version: PGP Desktop 9.0.5 (Build 5050) > >iQEVAwUBRAQWwvw32o+k+q+hAQE6oAf/T+xeRlFNT077Mn5R0E4fU2iliTH/f8Ma >ipbTFnbx4tlhM4j8atIaGcXwobUaJPt1KJ/7GElraGprdVFnzao6xbg0tUzVUJJg >X1PuXfcGJOkhOLB7iAEKag3TgpUg3vmqdPT5bWFow/xorDmoBRe3Ep46hQD54ivg >aAn63zXhyQooZshl4STLV34uUOXkdZUfS7DzRbwXA+ebdxcaIdzg7nsisY0SQAfx >+N8pJkX93tLEks9owdikP+VLEgusrPwRNbUvDd3uGecvkCJ9crdlCLA3g3ixwqQA >I9mC2EMrm/4M471pmKB2gVArF1uKdzntjaC+gFakNaoeUhJeTlbmDg== >=lKOL >-----END PGP SIGNATURE----- > > > -- ---------------------------------- Dennis Willson mailto:taz@taz-mania.com http://www.taz-mania.com -------------- next part -------------- A non-text attachment was scrubbed... Name: taz.vcf Type: text/x-vcard Size: 240 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060228/854ba0dd/taz.vcf From rpoe at plattesheriff.org Tue Feb 28 20:01:28 2006 From: rpoe at plattesheriff.org (Rob Poe) Date: Tue Feb 28 20:01:53 2006 Subject: OT Advice for server reinstalation In-Reply-To: <4403E6E4.5030500@nkpanama.com> References: <000f01c6394c$9b207090$1601a8c0@NBZICHOVSKY2> <4402FCAE.65ED.00A2.0@plattesheriff.org> <4403E6E4.5030500@nkpanama.com> Message-ID: <440457B8.65ED.00A2.0@plattesheriff.org> Let me re-state what I pounded out in 2 seconds and mis-spoke. PERSONALLY, Im still not running on RH7, and all my boxen are not upgrades. BUT .. he asked for something that will support his old HW. I figured an upgrade method should preserve some of the driver/whatever settings that are working for him now. And get him on a newer version of Linux. You can go from 7.x to Centos 3.x with basically no pain (gotta do it in steps), even remotely. A few glitches here and there, but really not much pain. CentOS 3.x to 4.x is painful, and there's a possibility of having to boot from floppy(cd,whatever, a pain if you dont have remote card in server). >>> alex@nkpanama.com 2/28/2006 12:00 AM >>> I'd back up all the relevant data and configs and start from scratch. Rob Poe wrote: > I'd do an upgrade from RH7.x to RH9, then upgrade from RH9 to CentOS > > But that's just me :) > > > >>>> zichovsky@trul.cz 2/24/2006 8:14 AM >>> >>>> > Hi There! > > My old RedHat 7 on server is comming to end of life, as some things are > not working correctly (but vital services like mail server > and MS are still runing OK) so I am preparing for clean neew OS install > on same (old) hardware. > > HW is pretty old, it is PIII900 with 256MB RAM, SCSI HDDs on Mylex > AcceleRAID 170 PCI RAID Controller (one RAID0 array) > (Yes, I know that 256MB is low, but it realy was enough in our > enviroment, swaping occured only in rare occasions.) I can't get new > HW, have to use this one. > > I am asking for advice which Linux distribution and products to use. > > Distribution have to be completely free (fully downloadable from > internet), > must be rpm compatible (or other packaging system, but rpm is > preffered), > must support my old HW (with RAID card), > must be "admin friendly" as I am not "big linux guru". > > Main Services which will be run on server (which are running also now) > Sendmail > POP3/IMAP (what to use here? Dovecot? Courrier? Something else?) > Apache > MailScanner > SpamAssassin > MailWatch > Samba > WebMin > MySQL > FireBird > > DHCP, DNS and firewall are running on other servers > > I am thinking of Fedora Core 4 distribution. But I am open for other > suggestion from more knowlegeable people here. > > Thanks in advance for suggestions. > > With regards > Pavel Zichovsky (zichovsky@trul) > > > -- Alex Neuman van der Hans N&K Technology Consultants Tel. +507 214-9002 - http://nkpanama.com/ From rob at stupidguytalk.org Mon Feb 27 21:43:51 2006 From: rob at stupidguytalk.org (Rob) Date: Wed Mar 1 09:00:04 2006 Subject: Mailscanner quetly dying.... Message-ID: <003901c63be6$e5e959b0$6400a8c0@flex.com> .... Mailscanner is quetly dying..... not much in the logs You can see it was going fine till 15:46, then my script restarted it at 16:27 I am on Debian Sarge, with Postfix SA Clamd Any ideas? Thanks... Feb 27 15:46:50 stewy MailScanner[8361]: HTML-Form tag found in message 8FEF8C285.59CF8 from subscription@businessinformationgroup.ca Feb 27 15:46:51 stewy MailScanner[8361]: Requeue: 8FEF8C285.59CF8 to 29822C298 Feb 27 16:27:49 stewy MailScanner[27971]: MailScanner E-Mail Virus Scanner version 4.41.3 starting... Feb 27 16:27:49 stewy MailScanner[27971]: Read 120 hostnames from the phishing whitelist Feb 27 16:27:51 stewy MailScanner[27971]: Enabling SpamAssassin auto-whitelist functionality... Feb 27 16:27:56 stewy MailScanner[27971]: Using locktype = flock Feb 27 16:27:56 stewy MailScanner[27971]: New Batch: Found 116 messages waiting Feb 27 16:27:56 stewy MailScanner[27971]: New Batch: Scanning 30 messages, 1357348 bytes Feb 27 16:27:56 stewy MailScanner[27971]: Spam Checks: Starting Rob... http://www.stupidguytalk.org -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060227/62786f95/attachment.html From Matthias.Sutter at mailing.kaufland-informationssysteme.com Tue Feb 28 11:05:44 2006 From: Matthias.Sutter at mailing.kaufland-informationssysteme.com (Matthias.Sutter) Date: Wed Mar 1 09:00:08 2006 Subject: Spam Policy per user In-Reply-To: <2E09A52C9852E24A9A084352AB68F2C5D19868@w2k3-tp.techpro.local> References: <2E09A52C9852E24A9A084352AB68F2C5D19868@w2k3-tp.techpro.local> Message-ID: <44042E88.6040507@mailing.kaufland-informationssysteme.com> Hi Barray, sounds good - can you send me a copy of your code and some sentences - howto implement? Matthias Barry Bourdage wrote: > I have helped with one to work with MailWatch, but if you had the >database defined, it would run without modifications. > >Please e-mail me, if you would like the code. > >Barry > > >-----Original Message----- >From: mailscanner-bounces@lists.mailscanner.info >[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian >Field >Sent: Monday, February 27, 2006 11:55 AM >To: MailScanner discussion >Subject: Re: Spam Policy per user > >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > > > >Matthias Sutter wrote: > > >>Hi, >> >>our mailscanner installation work very well but now we should >>implement a function that the user have the option to change the Spam >>properties/handling. >>For example there are 3 lists off users: >> >>the first - the user should get no Spam >> >> >Spam Actions = delete >High Scoring Spam Actions = delete > > >>the second - the user get no high score Spam and all others are marked >> >> > > > >>in the subject line >> >> >Spam Actions = deliver >High Scoring Spam Actions = delete > > >>and the last and default - no Spam detection and filter is active. >> >> >Spam Actions = deliver >High Scoring Spam Actions = deliver > >All you need to do is write a bit of support for some sort of backend >with a Custom Function for "Spam Actions" and "High Scoring Spam >Actions" to produce either the "deliver" or "delete" actions as >appropriate. > >Once you have some sort of a DB backend to store the data in, this is >only a few lines of code to do the Custom Functions required. >No huge job. > > >>Can I build this scenario with mailscanner ? >> >>Thanks in advance >>Matthias >> >> > >- -- >Julian Field >www.MailScanner.info >Buy the MailScanner book at www.MailScanner.info/store Professional >Support Services at www.MailScanner.biz MailScanner thanks transtec >Computers for their support > >PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > >-----BEGIN PGP SIGNATURE----- >Version: PGP Desktop 9.0.5 (Build 5050) > >iQA/AwUBRAM9BRH2WUcUFbZUEQKxlwCbB3WOv8v+GwuejKfI0ieCuI4Y2S8AoMBp >2qNMSBvnWtYZFzl7dP5s7S8F >=dqo/ >-----END PGP SIGNATURE----- > >-- >This message has been scanned for viruses and dangerous content by >MailScanner, and is believed to be clean. > >-- >MailScanner mailing list >mailscanner@lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >Before posting, read http://wiki.mailscanner.info/posting > >Support MailScanner development - buy the book off the website! > >